diff --git a/README.debrand b/README.debrand
deleted file mode 100644
index 01c46d2..0000000
--- a/README.debrand
+++ /dev/null
@@ -1,2 +0,0 @@
-Warning: This package was configured for automatic debranding, but the changes
-failed to apply.
diff --git a/SOURCES/dhcp-CVE-2022-2928.patch b/SOURCES/dhcp-CVE-2022-2928.patch
new file mode 100644
index 0000000..485b1d8
--- /dev/null
+++ b/SOURCES/dhcp-CVE-2022-2928.patch
@@ -0,0 +1,32 @@
+diff --git a/common/options.c b/common/options.c
+index ed8ac38..addc65a 100644
+--- a/common/options.c
++++ b/common/options.c
+@@ -4397,6 +4397,8 @@ add_option(struct option_state *options,
+ 	if (!option_cache_allocate(&oc, MDL)) {
+ 		log_error("No memory for option cache adding %s (option %d).",
+ 			  option->name, option_num);
++		/* Get rid of reference created during hash lookup. */
++		option_dereference(&option, MDL);
+ 		return 0;
+ 	}
+ 
+@@ -4408,6 +4410,8 @@ add_option(struct option_state *options,
+ 			     MDL)) {
+ 		log_error("No memory for constant data adding %s (option %d).",
+ 			  option->name, option_num);
++		/* Get rid of reference created during hash lookup. */
++		option_dereference(&option, MDL);
+ 		option_cache_dereference(&oc, MDL);
+ 		return 0;
+ 	}
+@@ -4416,6 +4420,9 @@ add_option(struct option_state *options,
+ 	save_option(&dhcp_universe, options, oc);
+ 	option_cache_dereference(&oc, MDL);
+ 
++	/* Get rid of reference created during hash lookup. */
++	option_dereference(&option, MDL);
++
+ 	return 1;
+ }
+ 
diff --git a/SOURCES/dhcp-CVE-2022-2929.patch b/SOURCES/dhcp-CVE-2022-2929.patch
new file mode 100644
index 0000000..d719bf6
--- /dev/null
+++ b/SOURCES/dhcp-CVE-2022-2929.patch
@@ -0,0 +1,25 @@
+diff --git a/common/options.c b/common/options.c
+index addc65a..3e6383a 100644
+--- a/common/options.c
++++ b/common/options.c
+@@ -435,16 +435,16 @@ int fqdn_universe_decode (struct option_state *options,
+ 		while (s < &bp -> data[0] + length + 2) {
+ 			len = *s;
+ 			if (len > 63) {
+-				log_info ("fancy bits in fqdn option");
+-				return 0;
++				log_info ("label length exceeds 63 in fqdn option");
++				goto bad;
+ 			}
+ 			if (len == 0) {
+ 				terminated = 1;
+ 				break;
+ 			}
+ 			if (s + len > &bp -> data [0] + length + 3) {
+-				log_info ("fqdn tag longer than buffer");
+-				return 0;
++				log_info ("fqdn label longer than buffer");
++				goto bad;
+ 			}
+ 
+ 			if (first_len == 0) {
diff --git a/SOURCES/dhcp-dhcp6-vendor-opts.patch b/SOURCES/dhcp-dhcp6-vendor-opts.patch
new file mode 100644
index 0000000..4bd685e
--- /dev/null
+++ b/SOURCES/dhcp-dhcp6-vendor-opts.patch
@@ -0,0 +1,12 @@
+diff --git a/common/options.c b/common/options.c
+index 3e6383a..9216ae4 100644
+--- a/common/options.c
++++ b/common/options.c
+@@ -1122,7 +1122,6 @@ store_options6(char *buf, int buflen,
+ 		 */
+ 		if (code == vsio_option_code) {
+ 			vsio_wanted = 1;
+-			continue;
+ 		}
+ 
+ 		/*
diff --git a/SPECS/dhcp.spec b/SPECS/dhcp.spec
index 7d6b6bb..2c1428d 100644
--- a/SPECS/dhcp.spec
+++ b/SPECS/dhcp.spec
@@ -16,7 +16,7 @@
 Summary:  Dynamic host configuration protocol software
 Name:     dhcp
 Version:  4.3.6
-Release:  48%{?dist}
+Release:  49%{?dist}
 # NEVER CHANGE THE EPOCH on this package.  The previous maintainer (prior to
 # dcantrell maintaining the package) made incorrect use of the epoch and
 # that's why it is at 12 now.  It should have never been used, but it was.
@@ -85,6 +85,9 @@ Patch49:  dhcp-detect-system-time-jumps.patch
 Patch50:  dhcp-key_algorithm.patch
 Patch51:  dhcp-statement_parser.patch
 Patch52:  dhcp-omshell-hmac-sha512-support.patch
+Patch53:  dhcp-CVE-2022-2928.patch
+Patch54:  dhcp-CVE-2022-2929.patch
+Patch55:  dhcp-dhcp6-vendor-opts.patch
 
 BuildRequires: autoconf
 BuildRequires: automake
@@ -369,6 +372,15 @@ rm bind/bind.tar.gz
 # https://bugzilla.redhat.com/show_bug.cgi?id=2016248
 %patch52 -p1
 
+# https://bugzilla.redhat.com/show_bug.cgi?id=2132248
+%patch53 -p1
+
+# https://bugzilla.redhat.com/show_bug.cgi?id=2132245
+%patch54 -p1
+
+# https://bugzilla.redhat.com/show_bug.cgi?id=2142024
+%patch55 -p1
+
 # Update paths in all man pages
 for page in client/dhclient.conf.5 client/dhclient.leases.5 \
             client/dhclient-script.8 client/dhclient.8 ; do
@@ -702,8 +714,10 @@ done
 %endif
 
 %changelog
-* Tue Sep 27 2022 CentOS Sources <bugs@centos.org> - 4.3.6-48.el8.centos
-- Apply debranding changes
+* Tue Oct 11 2022 Martin Osvald <mosvald@redhat.com> - 12:4.3.6-49
+- Fix for CVE-2022-2928
+- Fix for CVE-2022-2929
+- send back dhcp6.vendor-opts again (#2142024)
 
 * Tue May 10 2022 Martin Osvald <mosvald@redhat.com> - 12:4.3.6-48
 - omshell: add support for hmac-sha512 algorithm (#2016248)