diff --git a/SOURCES/jasper-1.900.1-CVE-2016-9396.patch b/SOURCES/jasper-1.900.1-CVE-2016-9396.patch
new file mode 100644
index 0000000..84b2716
--- /dev/null
+++ b/SOURCES/jasper-1.900.1-CVE-2016-9396.patch
@@ -0,0 +1,50 @@
+diff -urNp old/src/libjasper/jpc/jpc_cs.c new/src/libjasper/jpc/jpc_cs.c
+--- old/src/libjasper/jpc/jpc_cs.c	2018-06-21 09:16:03.401642013 +0200
++++ new/src/libjasper/jpc/jpc_cs.c	2018-06-21 09:36:47.278110112 +0200
+@@ -782,29 +782,37 @@ static int jpc_cox_getcompparms(jpc_ms_t
+ 	  jpc_getuint8(in, &compparms->qmfbid)) {
+ 		return -1;
+ 	}
++	if (compparms->numdlvls > 32) {
++		goto error;
++	}
++	if (compparms->qmfbid != JPC_COX_INS &&
++	    compparms->qmfbid != JPC_COX_RFT)
++		goto error;
+ 	compparms->numrlvls = compparms->numdlvls + 1;
+ 	if (compparms->numrlvls > JPC_MAXRLVLS) {
+-		jpc_cox_destroycompparms(compparms);
+-		return -1;
++		goto error;
+ 	}
+ 	if (prtflag) {
+ 		for (i = 0; i < compparms->numrlvls; ++i) {
+ 			if (jpc_getuint8(in, &tmp)) {
+-				jpc_cox_destroycompparms(compparms);
+-				return -1;
++				goto error;
+ 			}
+ 			compparms->rlvls[i].parwidthval = tmp & 0xf;
+ 			compparms->rlvls[i].parheightval = (tmp >> 4) & 0xf;
+ 		}
+-/* Sigh.  This bit should be in the same field in both COC and COD mrk segs. */
+-compparms->csty |= JPC_COX_PRT;
+-	} else {
++		/* Sigh.
++		This bit should be in the same field in both COC and COD mrk segs. */
++		compparms->csty |= JPC_COX_PRT;
+ 	}
+ 	if (jas_stream_eof(in)) {
+-		jpc_cox_destroycompparms(compparms);
+-		return -1;
++		goto error;
+ 	}
+ 	return 0;
++error:
++	if (compparms) {
++		jpc_cox_destroycompparms(compparms);
++	}
++	return -1;
+ }
+ 
+ static int jpc_cox_putcompparms(jpc_ms_t *ms, jpc_cstate_t *cstate,
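Review bot: The added bound `compparms->numdlvls > 32` is a bare literal placed just above the existing `numrlvls > JPC_MAXRLVLS` test, so the same limit is now stated twice in two different forms. Tying it to the macro, e.g. `if (compparms->numdlvls > JPC_MAXRLVLS - 1) {`, would keep the two from drifting; the macro's value is not visible here, so confirm it matches. The `qmfbid` check is the only added `if` without braces and would read better braced like its neighbours, with a short comment such as `/* only the two known filter ids are accepted */`. At the `error:` label the `if (compparms)` guard cannot help, because `compparms` has already been dereferenced on every path that reaches it. The first `return -1` after the `jpc_getuint8` reads still bypasses the new label; jpc_cox_getcompparms starts outside the hunk, so whether that path needs the same cleanup cannot be judged from here.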
diff --git a/SOURCES/jasper-1.900.1-CVE-2017-1000050.patch b/SOURCES/jasper-1.900.1-CVE-2017-1000050.patch
new file mode 100644
index 0000000..d6d4ad9
--- /dev/null
+++ b/SOURCES/jasper-1.900.1-CVE-2017-1000050.patch
@@ -0,0 +1,15 @@
+diff -urNp old/src/libjasper/jp2/jp2_enc.c new/src/libjasper/jp2/jp2_enc.c
+--- old/src/libjasper/jp2/jp2_enc.c	2018-06-21 09:46:45.090301777 +0200
++++ new/src/libjasper/jp2/jp2_enc.c	2018-06-21 10:18:17.602305787 +0200
+@@ -115,6 +115,11 @@ int sgnd;
+ 	iccstream = 0;
+ 	iccprof = 0;
+ 
++	if (jas_image_numcmpts(image) < 1) {
++	//	jas_eprintf("image must have at least one component\n");
++		goto error;
++	}
++
+ 	allcmptssame = 1;
+ 	sgnd = jas_image_cmptsgnd(image, 0);
+ 	prec = jas_image_cmptprec(image, 0);
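Review bot: The new guard fails without any diagnostic because the `jas_eprintf` call is left commented out at the top of the added block, and the dead line gives a reader no reason for the check. The spec changelog suggests the call was disabled to avoid an implicit declaration. Including the header that declares `jas_eprintf` in jp2_enc.c would let the message stay; otherwise the line is better replaced by a comment such as `/* component 0 is queried below, so an image without components must be rejected here */`. The `error` label is outside the hunk, so it is worth confirming that everything it releases is already initialised at this early point, as `iccstream` and `iccprof` are.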
diff --git a/SPECS/jasper.spec b/SPECS/jasper.spec
index 4fd6a60..a0583b3 100644
--- a/SPECS/jasper.spec
+++ b/SPECS/jasper.spec
@@ -7,7 +7,7 @@ Summary: Implementation of the JPEG-2000 standard, Part 1
 Name:    jasper
 Group:   System Environment/Libraries
 Version: 1.900.1
-Release: 31%{?dist}
+Release: 33%{?dist}
 
 License: JasPer
 URL:     http://www.ece.uvic.ca/~frodo/jasper/
@@ -74,6 +74,8 @@ Patch37: jasper-CVE-2016-9391.patch
 Patch38: jasper-CVE-implicit-declaration-fix.patch
 
 Patch39: jasper-1.900.1-define-SIZE-MAX.patch	
+Patch40: jasper-1.900.1-CVE-2016-9396.patch
+Patch41: jasper-1.900.1-CVE-2017-1000050.patch
 
 # autoreconf
 BuildRequires: autoconf automake libtool
@@ -167,6 +169,8 @@ Requires: %{name}-libs%{?_isa} = %{version}-%{release}
 %patch37 -p1 -b .CVE-2016-9391
 %patch38 -p1 -b .CVE-implicit-declaration-fix
 %patch39 -p1 -b .define-SIZE-MAX
+%patch40 -p1 -b .CVE-2016-9396
+%patch41 -p1 -b .CVE-2017-1000050
 
 autoreconf --verbose --force --install
 
@@ -236,6 +240,13 @@ make check
 
 
 %changelog
+* Thu Jun 21 2018 Josef Ridky <jridky@redhat.com> - 1.900.1-33
+- remove implicit declaration of jas_eprintf (#1585830)
+
+* Thu Jun 21 2018 Josef Ridky <jridky@redhat.com> - 1.900.1-32
+- Fix CVE-2016-9396 (#1583721)
+- Fix CVE-2017-1000050 (#1585830)
+
 * Wed May 31 2017 Josef Ridky <jridky@redhat.com> - 1.900.1-31
 - Fix missing declaration of SIZE_MAX constant in jas_math.h (#1455489)