diff --git a/README.debrand b/README.debrand
deleted file mode 100644
index 01c46d2..0000000
--- a/README.debrand
+++ /dev/null
@@ -1,2 +0,0 @@
-Warning: This package was configured for automatic debranding, but the changes
-failed to apply.
diff --git a/SOURCES/dhcp-CVE-2022-2928.patch b/SOURCES/dhcp-CVE-2022-2928.patch
new file mode 100644
index 0000000..485b1d8
--- /dev/null
+++ b/SOURCES/dhcp-CVE-2022-2928.patch
@@ -0,0 +1,32 @@
+diff --git a/common/options.c b/common/options.c
+index ed8ac38..addc65a 100644
+--- a/common/options.c
++++ b/common/options.c
+@@ -4397,6 +4397,8 @@ add_option(struct option_state *options,
+ 	if (!option_cache_allocate(&oc, MDL)) {
+ 		log_error("No memory for option cache adding %s (option %d).",
+ 			  option->name, option_num);
++		/* Get rid of reference created during hash lookup. */
++		option_dereference(&option, MDL);
+ 		return 0;
+ 	}
+ 
+@@ -4408,6 +4410,8 @@ add_option(struct option_state *options,
+ 			     MDL)) {
+ 		log_error("No memory for constant data adding %s (option %d).",
+ 			  option->name, option_num);
++		/* Get rid of reference created during hash lookup. */
++		option_dereference(&option, MDL);
+ 		option_cache_dereference(&oc, MDL);
+ 		return 0;
+ 	}
+@@ -4416,6 +4420,9 @@ add_option(struct option_state *options,
+ 	save_option(&dhcp_universe, options, oc);
+ 	option_cache_dereference(&oc, MDL);
+ 
++	/* Get rid of reference created during hash lookup. */
++	option_dereference(&option, MDL);
++
+ 	return 1;
+ }
+ 
diff --git a/SOURCES/dhcp-CVE-2022-2929.patch b/SOURCES/dhcp-CVE-2022-2929.patch
new file mode 100644
index 0000000..d719bf6
--- /dev/null
+++ b/SOURCES/dhcp-CVE-2022-2929.patch
@@ -0,0 +1,25 @@
+diff --git a/common/options.c b/common/options.c
+index addc65a..3e6383a 100644
+--- a/common/options.c
++++ b/common/options.c
+@@ -435,16 +435,16 @@ int fqdn_universe_decode (struct option_state *options,
+ 		while (s < &bp -> data[0] + length + 2) {
+ 			len = *s;
+ 			if (len > 63) {
+-				log_info ("fancy bits in fqdn option");
+-				return 0;
++				log_info ("label length exceeds 63 in fqdn option");
++				goto bad;
+ 			}
+ 			if (len == 0) {
+ 				terminated = 1;
+ 				break;
+ 			}
+ 			if (s + len > &bp -> data [0] + length + 3) {
+-				log_info ("fqdn tag longer than buffer");
+-				return 0;
++				log_info ("fqdn label longer than buffer");
++				goto bad;
+ 			}
+ 
+ 			if (first_len == 0) {
diff --git a/SPECS/dhcp.spec b/SPECS/dhcp.spec
index 74bd3fc..2c1428d 100644
--- a/SPECS/dhcp.spec
+++ b/SPECS/dhcp.spec
@@ -16,7 +16,7 @@
 Summary:  Dynamic host configuration protocol software
 Name:     dhcp
 Version:  4.3.6
-Release:  48%{?dist}.1
+Release:  49%{?dist}
 # NEVER CHANGE THE EPOCH on this package.  The previous maintainer (prior to
 # dcantrell maintaining the package) made incorrect use of the epoch and
 # that's why it is at 12 now.  It should have never been used, but it was.
@@ -85,7 +85,9 @@ Patch49:  dhcp-detect-system-time-jumps.patch
 Patch50:  dhcp-key_algorithm.patch
 Patch51:  dhcp-statement_parser.patch
 Patch52:  dhcp-omshell-hmac-sha512-support.patch
-Patch53:  dhcp-dhcp6-vendor-opts.patch
+Patch53:  dhcp-CVE-2022-2928.patch
+Patch54:  dhcp-CVE-2022-2929.patch
+Patch55:  dhcp-dhcp6-vendor-opts.patch
 
 BuildRequires: autoconf
 BuildRequires: automake
@@ -370,9 +372,15 @@ rm bind/bind.tar.gz
 # https://bugzilla.redhat.com/show_bug.cgi?id=2016248
 %patch52 -p1
 
-# https://bugzilla.redhat.com/show_bug.cgi?id=2142025
+# https://bugzilla.redhat.com/show_bug.cgi?id=2132248
 %patch53 -p1
 
+# https://bugzilla.redhat.com/show_bug.cgi?id=2132245
+%patch54 -p1
+
+# https://bugzilla.redhat.com/show_bug.cgi?id=2142024
+%patch55 -p1
+
 # Update paths in all man pages
 for page in client/dhclient.conf.5 client/dhclient.leases.5 \
             client/dhclient-script.8 client/dhclient.8 ; do
@@ -706,11 +714,10 @@ done
 %endif
 
 %changelog
-* Thu Jan 12 2023 CentOS Sources <bugs@centos.org> - 4.3.6-48.el8.centos.1
-- Apply debranding changes
-
-* Sun Nov 20 2022 Martin Osvald <mosvald@redhat.com> - 12:4.3.6-48.1
-- send back dhcp6.vendor-opts again (#2142025)
+* Tue Oct 11 2022 Martin Osvald <mosvald@redhat.com> - 12:4.3.6-49
+- Fix for CVE-2022-2928
+- Fix for CVE-2022-2929
+- send back dhcp6.vendor-opts again (#2142024)
 
 * Tue May 10 2022 Martin Osvald <mosvald@redhat.com> - 12:4.3.6-48
 - omshell: add support for hmac-sha512 algorithm (#2016248)