diff --git a/SOURCES/0001-Fix-off-by-one-errors-in-registers.patch b/SOURCES/0001-Fix-off-by-one-errors-in-registers.patch
new file mode 100644
index 0000000..3424242
--- /dev/null
+++ b/SOURCES/0001-Fix-off-by-one-errors-in-registers.patch
@@ -0,0 +1,54 @@
+From c6ae9afd73c183231f39804de184e8c5c09de563 Mon Sep 17 00:00:00 2001
+From: Xavier Bachelot <xavier@bachelot.org>
+Date: Wed, 23 Oct 2013 16:56:08 +0000
+Subject: [PATCH] Fix off-by-one errors in registers
+
+Reported by Florian Weimer.
+https://bugzilla.redhat.com/show_bug.cgi?id=959215
+---
+ src/libbluray/register.c | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/src/libbluray/register.c b/src/libbluray/register.c
+index 4985cc99..43751d4d 100644
+--- a/src/libbluray/register.c
++++ b/src/libbluray/register.c
+@@ -339,7 +339,7 @@ void bd_psr_restore_state(BD_REGISTERS *p)
+ 
+ int bd_gpr_write(BD_REGISTERS *p, int reg, uint32_t val)
+ {
+-    if (reg < 0 || reg > BD_GPR_COUNT) {
++    if (reg < 0 || reg >= BD_GPR_COUNT) {
+         BD_DEBUG(DBG_BLURAY, "bd_gpr_write(%d): invalid register\n", reg);
+         return -1;
+     }
+@@ -350,7 +350,7 @@ int bd_gpr_write(BD_REGISTERS *p, int reg, uint32_t val)
+ 
+ uint32_t bd_gpr_read(BD_REGISTERS *p, int reg)
+ {
+-    if (reg < 0 || reg > BD_GPR_COUNT) {
++    if (reg < 0 || reg >= BD_GPR_COUNT) {
+         BD_DEBUG(DBG_BLURAY, "bd_gpr_read(%d): invalid register\n", reg);
+         return -1;
+     }
+@@ -366,7 +366,7 @@ uint32_t bd_psr_read(BD_REGISTERS *p, int reg)
+ {
+     uint32_t val;
+ 
+-    if (reg < 0 || reg > BD_PSR_COUNT) {
++    if (reg < 0 || reg >= BD_PSR_COUNT) {
+         BD_DEBUG(DBG_BLURAY, "bd_psr_read(%d): invalid register\n", reg);
+         return -1;
+     }
+@@ -382,7 +382,7 @@ uint32_t bd_psr_read(BD_REGISTERS *p, int reg)
+ 
+ int bd_psr_setting_write(BD_REGISTERS *p, int reg, uint32_t val)
+ {
+-    if (reg < 0 || reg > BD_PSR_COUNT) {
++    if (reg < 0 || reg >= BD_PSR_COUNT) {
+         BD_DEBUG(DBG_BLURAY, "bd_psr_write(%d, %d): invalid register\n", reg, val);
+         return -1;
+     }
+-- 
+2.26.0
+
diff --git a/SOURCES/0001-Fix-stack-corruption-with-long-log-strings.-Extend-m.patch b/SOURCES/0001-Fix-stack-corruption-with-long-log-strings.-Extend-m.patch
new file mode 100644
index 0000000..f84bdac
--- /dev/null
+++ b/SOURCES/0001-Fix-stack-corruption-with-long-log-strings.-Extend-m.patch
@@ -0,0 +1,33 @@
+From 4b68d1c21b415129adfa0097882e4368a33d0594 Mon Sep 17 00:00:00 2001
+From: hpi1 <hpi1@anonymous.org>
+Date: Wed, 13 Mar 2013 10:51:46 +0200
+Subject: [PATCH] Fix stack corruption with long log strings. Extend max log
+ string length to 4096 bytes.
+
+---
+ src/util/logging.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/util/logging.c b/src/util/logging.c
+index 306f5d4c..c8aa4886 100644
+--- a/src/util/logging.c
++++ b/src/util/logging.c
+@@ -80,13 +80,13 @@ void bd_debug(const char *file, int line, uint32_t mask, const char *format, ...
+     }
+ 
+     if (mask & debug_mask) {
+-        char buffer[512], *pt = buffer;
++        char buffer[4096], *pt = buffer;
+         va_list args;
+ 
+         pt += sprintf(buffer, "%s:%d: ", file, line);
+ 
+         va_start(args, format);
+-        vsprintf(pt, format, args);
++        vsnprintf(pt, sizeof(buffer) - (size_t)(intptr_t)(pt - buffer) - 1, format, args);
+         va_end(args);
+ 
+         if (log_func) {
+-- 
+2.26.0
+
diff --git a/SPECS/libbluray.spec b/SPECS/libbluray.spec
index cde1fc7..bea231a 100644
--- a/SPECS/libbluray.spec
+++ b/SPECS/libbluray.spec
@@ -9,7 +9,7 @@ Version:        0.2.3
 %if %{snapshot}
 Release:        0.12.%{tarball_date}git%{git_short}%{?dist}
 %else
-Release:        5%{?dist}
+Release:        6%{?dist}
 %endif
 Summary:        Library to access Blu-Ray disks for video playback 
 Group:          System Environment/Libraries
@@ -25,6 +25,10 @@ Source0:        %{name}-%{tarball_date}git%{git_short}.tar.bz2
 Source0:        ftp://ftp.videolan.org/pub/videolan/%{name}/%{version}/%{name}-%{version}.tar.bz2
 %endif
 Patch0:         libbluray-0.2.2-no_doxygen_timestamp.patch
+# https://bugzilla.redhat.com/show_bug.cgi?id=1045452
+Patch1:         0001-Fix-stack-corruption-with-long-log-strings.-Extend-m.patch
+# https://bugzilla.redhat.com/show_bug.cgi?id=1045453
+Patch2:         0001-Fix-off-by-one-errors-in-registers.patch
 BuildRoot:      %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX)
 
 %if %{snapshot}
@@ -63,7 +67,8 @@ developing applications that use %{name}.
 %setup -q
 %endif
 %patch0 -p1 -b .no_timestamp
-
+%patch1 -p1 -b .long-log-strings
+%patch2 -p1 -b .off-by-one
 
 %build
 %if %{snapshot}
@@ -124,6 +129,11 @@ rm -rf $RPM_BUILD_ROOT
 
 
 %changelog
+* Tue Apr 21 2020 Bastien Nocera <bnocera@redhat.com> - 0.2.3-6
++ libbluray-0.2.3-0.12.git
+- Fix security issues in parts of the library that we never exercised
+Related: rhbz#1045453 rhbz#1045452
+
 * Fri Jan 24 2014 Daniel Mach <dmach@redhat.com> - 0.2.3-5
 - Mass rebuild 2014-01-24