diff --git a/0003-CVE-2023-43090.patch b/0003-CVE-2023-43090.patch
new file mode 100644
index 0000000000000000000000000000000000000000..fde8b79485e29782a77f260af272f894c7ac8ff8
--- /dev/null
+++ b/0003-CVE-2023-43090.patch
@@ -0,0 +1,108 @@
+From 521525948eed85cc27c0796a0b9569d161df81ba Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Florian=20M=C3=BCllner?= <fmuellner@gnome.org>
+Date: Thu, 7 Sep 2023 17:59:03 +0200
+Subject: [PATCH 1/2] screenshot: Do not wrongly enable window button
+
+The window button is disabled when
+ - there are no windows
+ - we are in screen-recording mode
+ - the session mode doesn't allow windows
+
+However the last condition is only taken into account when
+opening the dialog, but not when switching from recording-
+to screenshot mode.
+
+Address this by updating the button's sensitivity in a separate
+function, so the different conditions are considered consistently.
+
+Closes https://gitlab.gnome.org/GNOME/gnome-shell/-/issues/6990
+
+Part-of: <https://gitlab.gnome.org/GNOME/gnome-shell/-/merge_requests/2944>
+---
+ js/ui/screenshot.js | 19 ++++++++++++-------
+ 1 file changed, 12 insertions(+), 7 deletions(-)
+
+diff --git a/js/ui/screenshot.js b/js/ui/screenshot.js
+index d3c28a26b69..d6365339680 100644
+--- a/js/ui/screenshot.js
++++ b/js/ui/screenshot.js
+@@ -1401,6 +1401,16 @@ export const ScreenshotUI = GObject.registerClass({
+         this._castButton.reactive = Main.sessionMode.allowScreencast;
+     }
+ 
++    _syncWindowButtonSensitivity() {
++        const windows =
++            this._windowSelectors.flatMap(selector => selector.windows());
++
++        this._windowButton.reactive =
++            Main.sessionMode.hasWindows &&
++            windows.length > 0 &&
++            !this._castButton.checked;
++    }
++
+     _refreshButtonLayout() {
+         const buttonLayout = Meta.prefs_get_button_layout();
+ 
+@@ -1517,10 +1527,7 @@ export const ScreenshotUI = GObject.registerClass({
+                 });
+             }
+ 
+-            this._windowButton.reactive =
+-                Main.sessionMode.hasWindows &&
+-                windows.length > 0 &&
+-                !this._castButton.checked;
++            this._syncWindowButtonSensitivity();
+             if (!this._windowButton.reactive)
+                 this._selectionButton.checked = true;
+ 
+@@ -1763,9 +1770,7 @@ export const ScreenshotUI = GObject.registerClass({
+ 
+             this._captureButton.remove_style_pseudo_class('cast');
+ 
+-            const windows =
+-                this._windowSelectors.flatMap(selector => selector.windows());
+-            this._windowButton.reactive = windows.length > 0;
++            this._syncWindowButtonSensitivity();
+         }
+     }
+ 
+-- 
+GitLab
+
+
+From 671df28a509ae208e158976f0855d91fdbea16a1 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Florian=20M=C3=BCllner?= <fmuellner@gnome.org>
+Date: Thu, 7 Sep 2023 18:00:21 +0200
+Subject: [PATCH 2/2] screenshot: Only handle mode-switch shortcut when
+ supported
+
+We currently handle the 'v' key to switch between recording- and
+screenshot mode regardless of whether screen recordings are
+supported.
+
+This is clearly wrong, don't do that.
+
+Closes https://gitlab.gnome.org/GNOME/gnome-shell/-/issues/6990
+
+Part-of: <https://gitlab.gnome.org/GNOME/gnome-shell/-/merge_requests/2944>
+---
+ js/ui/screenshot.js | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/js/ui/screenshot.js b/js/ui/screenshot.js
+index d6365339680..c5c089c6bf0 100644
+--- a/js/ui/screenshot.js
++++ b/js/ui/screenshot.js
+@@ -2040,7 +2040,8 @@ export const ScreenshotUI = GObject.registerClass({
+             return Clutter.EVENT_STOP;
+         }
+ 
+-        if (symbol === Clutter.KEY_v || symbol === Clutter.KEY_V) {
++        if (this._castButton.reactive &&
++            (symbol === Clutter.KEY_v || symbol === Clutter.KEY_V)) {
+             this._castButton.checked = !this._castButton.checked;
+             return Clutter.EVENT_STOP;
+         }
+-- 
+GitLab
+
diff --git a/gnome-shell.spec b/gnome-shell.spec
index 068b05a87b781a1c8e7a204b921e5de3914521bd..3dc90a6b8234383b0126158173b36b5b5676eb4e 100644
--- a/gnome-shell.spec
+++ b/gnome-shell.spec
@@ -1,4 +1,4 @@
-%define anolis_release 1
+%define anolis_release 2
 
 Name:           gnome-shell
 Version:        44.1
@@ -16,6 +16,7 @@ Patch0001: 0001-gnome-shell-favourite-apps-firefox.patch
 # Some users might have a broken PAM config, so we really need this
 # downstream patch to stop trying on configuration errors.
 Patch0002: 0002-gdm-Work-around-failing-fingerprint-auth.patch
+Patch0003: 0003-CVE-2023-43090.patch
 
 BuildRequires: meson >= 0.58.0
 BuildRequires: gettext
@@ -214,6 +215,9 @@ mkdir -p %{buildroot}%{_datadir}/gnome-shell/search-providers
 %doc README.md
 
 %changelog
+* Fri Apr 18 2025 wh02252983 <wh02252983@alibaba-inc.com> - 44.1-2
+- Fix CVE-2023-43090
+
 * Wed Apr 26 2023 Funda Wang <fundawang@yeah.net> - 44.1-1
 - New version 44.1