diff --git a/SOURCES/libjpeg-turbo12-CVE-2013-6629.patch b/SOURCES/libjpeg-turbo12-CVE-2013-6629.patch
new file mode 100644
index 0000000..4a880b0
--- /dev/null
+++ b/SOURCES/libjpeg-turbo12-CVE-2013-6629.patch
@@ -0,0 +1,17 @@
+diff --git a/jdmarker.c b/jdmarker.c
+index 737a17c..381835b 100644
+--- a/jdmarker.c
++++ b/jdmarker.c
+@@ -348,6 +348,12 @@ get_sos (j_decompress_ptr cinfo)
+     
+     TRACEMS3(cinfo, 1, JTRC_SOS_COMPONENT, cc,
+ 	     compptr->dc_tbl_no, compptr->ac_tbl_no);
++
++    /* This CSi (cc) should differ from the previous CSi */
++    for (ci = 0; ci < i; ci++) {
++      if (cinfo->cur_comp_info[ci] == compptr)
++        ERREXIT1(cinfo, JERR_BAD_COMPONENT_ID, cc);
++    }
+   }
+ 
+   /* Collect the additional scan parameters Ss, Se, Ah/Al. */
diff --git a/SOURCES/libjpeg-turbo12-CVE-2013-6630.patch b/SOURCES/libjpeg-turbo12-CVE-2013-6630.patch
new file mode 100644
index 0000000..ca304a9
--- /dev/null
+++ b/SOURCES/libjpeg-turbo12-CVE-2013-6630.patch
@@ -0,0 +1,12 @@
+diff --git a/jdmarker.c b/jdmarker.c
+index 77f7274..737a17c 100644
+--- a/jdmarker.c
++++ b/jdmarker.c
+@@ -465,6 +465,7 @@ get_dht (j_decompress_ptr cinfo)
+     for (i = 0; i < count; i++)
+       INPUT_BYTE(cinfo, huffval[i], return FALSE);
+ 
++    MEMZERO(&huffval[count], (256 - count) * SIZEOF(UINT8));
+     length -= count;
+ 
+     if (index & 0x10) {		/* AC table definition */
diff --git a/SPECS/libjpeg-turbo.spec b/SPECS/libjpeg-turbo.spec
index 5ce6c38..0f1284d 100644
--- a/SPECS/libjpeg-turbo.spec
+++ b/SPECS/libjpeg-turbo.spec
@@ -1,6 +1,6 @@
 Name:		libjpeg-turbo
 Version:	1.2.90
-Release:	2%{?dist}
+Release:	5%{?dist}
 Summary:	A MMX/SSE2 accelerated library for manipulating JPEG image files
 
 Group:		System Environment/Libraries
@@ -25,6 +25,8 @@ Provides:	libjpeg%{_isa} = 6b-47%{?dist}
 %endif
 
 Patch0:		libjpeg-turbo12-noinst.patch
+Patch1:		libjpeg-turbo12-CVE-2013-6630.patch
+Patch2:		libjpeg-turbo12-CVE-2013-6629.patch
 
 %description
 The libjpeg-turbo package contains a library of functions for manipulating
@@ -92,6 +94,8 @@ will manipulate JPEG files using the TurboJPEG library.
 %setup -q
 
 %patch0 -p1 -b .noinst
+%patch1 -p1 -b .CVE-2013-6630
+%patch2 -p1 -b .CVE-2013-6629
 
 %build
 autoreconf -fiv
@@ -165,6 +169,15 @@ make test
 %{_libdir}/libturbojpeg.so
 
 %changelog
+* Fri Jan 24 2014 Daniel Mach <dmach@redhat.com> - 1.2.90-5
+- Mass rebuild 2014-01-24
+
+* Fri Dec 27 2013 Daniel Mach <dmach@redhat.com> - 1.2.90-4
+- Mass rebuild 2013-12-27
+
+* Tue Nov 26 2013 Petr Hracek <phracek@redhat.com> - 1.2.90-3
+- Resolves: #1031739 app patches CVE-2013-6629 and CVE-2013-6630
+
 * Tue Mar 26 2013 Adam Tkac <atkac redhat com> - 1.2.90-2
 - rebuild for ARM64 support