diff --git a/SOURCES/expat-2.1.0-CVE-2015-2716.patch b/SOURCES/expat-2.1.0-CVE-2015-2716.patch
new file mode 100644
index 0000000..4dd3303
--- /dev/null
+++ b/SOURCES/expat-2.1.0-CVE-2015-2716.patch
@@ -0,0 +1,51 @@
+
+https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-2716
+
+Address CVE-2015-2716, which was also called CVE-2015-1283.
+
+https://github.com/libexpat/libexpat/commit/ba0f9c3b40c264b8dd392e02a7a060a8fa54f032.patch
+https://github.com/libexpat/libexpat/commit/f0bec73b018caa07d3e75ec8dd967f3785d71bde.patch
+
+--- expat-2.1.0/lib/xmlparse.c.cve2716
++++ expat-2.1.0/lib/xmlparse.c
+@@ -1678,6 +1678,10 @@
+ void * XMLCALL
+ XML_GetBuffer(XML_Parser parser, int len)
+ {
++  if (len < 0) {
++    errorCode = XML_ERROR_NO_MEMORY;
++    return NULL;
++  }
+   switch (ps_parsing) {
+   case XML_SUSPENDED:
+     errorCode = XML_ERROR_SUSPENDED;
+@@ -1689,8 +1693,11 @@
+   }
+ 
+   if (len > bufferLim - bufferEnd) {
+-    /* FIXME avoid integer overflow */
+-    int neededSize = len + (int)(bufferEnd - bufferPtr);
++    int neededSize = (int) ((unsigned)len + (unsigned)(bufferEnd - bufferPtr));
++    if (neededSize < 0) {
++      errorCode = XML_ERROR_NO_MEMORY;
++      return NULL;
++    }
+ #ifdef XML_CONTEXT_BYTES
+     int keep = (int)(bufferPtr - buffer);
+ 
+@@ -1718,8 +1725,13 @@
+       if (bufferSize == 0)
+         bufferSize = INIT_BUFFER_SIZE;
+       do {
+-        bufferSize *= 2;
+-      } while (bufferSize < neededSize);
++        /* Do not invoke signed arithmetic overflow: */
++        bufferSize = (int) (2U * (unsigned) bufferSize);
++      } while (bufferSize < neededSize && bufferSize > 0);
++      if (bufferSize <= 0) {
++        errorCode = XML_ERROR_NO_MEMORY;
++        return NULL;
++      }
+       newBuf = (char *)MALLOC(bufferSize);
+       if (newBuf == 0) {
+         errorCode = XML_ERROR_NO_MEMORY;
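Review bot: The `neededSize < 0` check added in the second inner hunk of XML_GetBuffer covers only `len + (bufferEnd - bufferPtr)`; under `XML_CONTEXT_BYTES` the `keep` value computed on the next line is presumably added to `neededSize` further down, outside the hunk, and that second signed addition is not guarded by anything visible here. If that is the case, a guard placed before the addition, such as `if (keep > INT_MAX - neededSize) { errorCode = XML_ERROR_NO_MEMORY; return NULL; }`, would cover it. Separately, the inserted `if` block now precedes `int keep = (int)(bufferPtr - buffer);`, which makes that line a declaration after a statement and will not build with a strict C89 compiler; declaring `int keep;` at the top of the block and assigning it after the check avoids this. The body of XML_GetBuffer extends beyond the inner hunks, so both points should be confirmed against the full xmlparse.c.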
diff --git a/SPECS/expat.spec b/SPECS/expat.spec
index 3c4740d..07da724 100644
--- a/SPECS/expat.spec
+++ b/SPECS/expat.spec
@@ -1,11 +1,12 @@
 Summary: An XML parser library
 Name: expat
 Version: 2.1.0
-Release: 10%{?dist}
+Release: 11%{?dist}
 Group: System Environment/Libraries
 Source: http://downloads.sourceforge.net/expat/expat-%{version}.tar.gz
 Patch0: expat-2.1.0-xmlwfargs.patch
 Patch1: expat-2.1.0-CVE-2016-0718.patch
+Patch2: expat-2.1.0-CVE-2015-2716.patch
 URL: http://www.libexpat.org/
 License: MIT
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
@@ -41,6 +42,7 @@ Install it if you need to link statically with expat.
 %setup -q
 %patch0 -p1 -b .xmlwfargs
 %patch1 -p1 -b .cve0718
+%patch2 -p1 -b .cve2716
 
 %build
 rm -rf autom4te*.cache
@@ -87,6 +89,9 @@ rm -rf ${RPM_BUILD_ROOT}
 %{_libdir}/lib*.a
 
 %changelog
+* Thu Jul 25 2019 Joe Orton <jorton@redhat.com> - 2.1.0-11
+- add security fix for CVE-2015-2716
+
 * Thu Nov 24 2016 Joe Orton <jorton@redhat.com> - 2.1.0-10
 - updated security fix for CVE-2016-0718