diff --git a/SOURCES/apr-1.4.8-CVE-2017-12613.patch b/SOURCES/apr-1.4.8-CVE-2017-12613.patch
new file mode 100644
index 0000000..4436f64
--- /dev/null
+++ b/SOURCES/apr-1.4.8-CVE-2017-12613.patch
@@ -0,0 +1,12 @@
+--- a/time/unix/time.c  2017/09/10 22:11:37 1807974
++++ b/time/unix/time.c  2017/09/10 22:30:14 1807975
+@@ -142,6 +142,9 @@
+     static const int dayoffset[12] =
+     {306, 337, 0, 31, 61, 92, 122, 153, 184, 214, 245, 275};
+ 
++    if (xt->tm_mon < 0 || xt->tm_mon >= 12)
++        return APR_EBADDATE;
++
+     /* shift new year to 1st March in order to make leap year calc easy */
+ 
+     if (xt->tm_mon < 2)
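Review bot: The new guard `if (xt->tm_mon < 0 || xt->tm_mon >= 12)` has no explanation. The lookup it protects is outside this hunk, so a reader has to infer that `tm_mon` is presumably used as an index into `dayoffset[12]`. To keep the backport byte-identical to upstream, I would put the explanation in a short header at the top of the patch file rather than in the C code, for example `CVE-2017-12613: reject tm_mon outside 0..11 before it indexes dayoffset[]`, followed by `Upstream revision: 1807975` (the numbers on the `---`/`+++` lines look like upstream revisions; confirm). Callers that previously ignored this function's return value now need to handle `APR_EBADDATE` for malformed months, which is worth a line in the same header. The enclosing function starts and ends outside the hunk.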
diff --git a/SPECS/apr.spec b/SPECS/apr.spec
index 20cc20e..e4380ee 100644
--- a/SPECS/apr.spec
+++ b/SPECS/apr.spec
@@ -6,7 +6,7 @@
 Summary: Apache Portable Runtime library
 Name: apr
 Version: 1.4.8
-Release: 3%{?dist}
+Release: 3%{?dist}.1
 # ASL 2.0: everything
 # ISC: network_io/apr-1.4.6/network_io/unix/inet_?to?.c
 # BSD with advertising: strings/apr_snprintf.c, strings/apr_fnmatch.c,
@@ -21,6 +21,9 @@ Source1: apr-wrapper.h
 Patch2: apr-1.2.2-locktimeout.patch
 Patch3: apr-1.2.2-libdir.patch
 Patch4: apr-1.2.7-pkgconf.patch
+
+#Security patches
+Patch10: apr-1.4.8-CVE-2017-12613.patch
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-buildroot
 BuildRequires: autoconf, libtool, libuuid-devel, python
 # To enable SCTP support
@@ -50,6 +53,9 @@ C data structures and routines.
 %patch3 -p1 -b .libdir
 %patch4 -p1 -b .pkgconf
 
+# https://bugzilla.redhat.com/show_bug.cgi?id=1506523
+%patch10 -p1 -b .CVE-2017-12613
+
 %build
 # regenerate configure script etc.
 ./buildconf
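Review bot: The comment above `%patch10` links bug 1506523, while the changelog entry in this commit says `Resolves: #1507349`, and nothing says how the two relate. If one is the CVE bug and the other the release tracker (my guess, not visible here), the comment could say so, for example `# CVE-2017-12613 (tracker #1507349): https://bugzilla.redhat.com/show_bug.cgi?id=1506523`. That lets someone auditing which fixes are carried in this build match the patch to the changelog without opening both bugs.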
@@ -129,6 +135,10 @@ rm -rf $RPM_BUILD_ROOT
 %{_datadir}/aclocal/*.m4
 
 %changelog
+* Mon Oct 30 2017 Luboš Uhliarik <luhliari@redhat.com> - 1.4.8-3.1
+- Resolves: #1507349 - CVE-2017-12613 apr: Out-of-bounds array deref
+  in apr_time_exp*() functions
+
 * Fri Jan 24 2014 Daniel Mach <dmach@redhat.com> - 1.4.8-3
 - Mass rebuild 2014-01-24