diff --git a/SOURCES/mailman-2.1.29-login_content_injection.patch b/SOURCES/mailman-2.1.29-login_content_injection.patch
new file mode 100644
index 0000000..2710b46
--- /dev/null
+++ b/SOURCES/mailman-2.1.29-login_content_injection.patch
@@ -0,0 +1,13 @@
+=== modified file 'Mailman/Cgi/options.py'
+--- Mailman/Cgi/options.py	2019-03-06 17:48:32 +0000
++++ Mailman/Cgi/options.py	2020-04-20 03:10:16 +0000
+@@ -173,7 +173,7 @@
+     try:
+         Utils.ValidateEmail(user)
+     except Errors.EmailAddressError:
+-        doc.addError(_('Illegal Email Address: %(safeuser)s'))
++        doc.addError(_('Illegal Email Address'))
+         loginpage(mlist, doc, None, language)
+         print doc.Format()
+         return
+
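Review bot: Nothing ahead of `=== modified file 'Mailman/Cgi/options.py'` records which CVE this embedded patch closes or which upstream revision it was taken from, and the same holds for the private.py patch added further down. The spec changelog lists CVE-2020-12108 and CVE-2020-15011 on one line, so the per-patch mapping cannot be recovered from the files themselves. A leading comment such as `# CVE-<ID>: do not echo the submitted address on the options login page (upstream rev <REV>)` would cover it, since patch skips text before the first file header. The options.py function touched here starts and ends outside the hunk, so it is not visible whether `safeuser` is still used elsewhere in it.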
diff --git a/SOURCES/mailman-2.1.29-options_content_njection.patch b/SOURCES/mailman-2.1.29-options_content_njection.patch
new file mode 100644
index 0000000..fe81924
--- /dev/null
+++ b/SOURCES/mailman-2.1.29-options_content_njection.patch
@@ -0,0 +1,22 @@
+=== modified file 'Mailman/Cgi/private.py'
+--- Mailman/Cgi/private.py	2019-03-06 17:48:32 +0000
++++ Mailman/Cgi/private.py	2020-05-07 13:53:40 +0000
+@@ -162,13 +162,9 @@
+             if mlist.isMember(username):
+                 mlist.MailUserPassword(username)
+             elif username:
+-                # Not a member
+-                if mlist.private_roster == 0:
+-                    # Public rosters
+-                    safeuser = Utils.websafe(username)
+-                    message = Bold(FontSize('+1',
+-                                  _('No such member: %(safeuser)s.'))).Format()
+-                else:
++                # Not a member. Don't report address in any case. It leads to
++                # Content injection. Just log if roster is not public.
++                if mlist.private_roster != 0:
+                     syslog('mischief',
+                        'Reminder attempt of non-member w/ private rosters: %s',
+                        username)
+
+
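Review bot: With the branch reduced to `if mlist.private_roster != 0:`, a reminder request for a non-member address on a public-roster list now yields neither a page message nor a log entry, so repeated submissions of that form leave no trace for whoever reads the `mischief` log. If that is deliberate, the new comment could say why, for example `# Public rosters: membership is not secret, so nothing to log.`. The retained `syslog('mischief', ...)` call still writes the submitted `username` unmodified, so it is worth confirming that the log sink neutralises control characters. The enclosing function begins and ends outside the hunk, so whether `message` is initialised before this path cannot be confirmed from here.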
diff --git a/SPECS/mailman.spec b/SPECS/mailman.spec
index 301a343..aa77178 100644
--- a/SPECS/mailman.spec
+++ b/SPECS/mailman.spec
@@ -3,7 +3,7 @@
 Summary: Mailing list manager with built in Web access
 Name: mailman
 Version: 2.1.29
-Release: 10%{?dist}
+Release: 11%{?dist}
 Epoch: 3
 Group: Applications/Internet
 Source0: ftp://ftp.gnu.org/pub/gnu/mailman/mailman-%{version}.tgz
@@ -31,7 +31,8 @@ Patch22: mailman-2.1.15-check_perms.patch
 Patch24: mailman-specify_python_version.patch
 Patch25: mailman-CVE-2020-12137.patch
 Patch26: mailman-bouncer_oom_crash.patch
-
+Patch27: mailman-2.1.29-login_content_injection.patch
+Patch28: mailman-2.1.29-options_content_njection.patch
 
 License: GPLv2+
 URL: http://www.list.org/
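Review bot: The two new `Patch27`/`Patch28` names do not match what the patches touch, and the second has a typo: `mailman-2.1.29-options_content_njection.patch` modifies `Mailman/Cgi/private.py`, while the `login_content_injection` patch is the one that modifies `Mailman/Cgi/options.py`. The `%patch28 -p0 -b .options_injection` backup suffix in the `%prep` hunk carries the same mismatch. Naming them after the CGI script they change, for example `Patch28: mailman-2.1.29-private_content_injection.patch`, and putting a `# CVE-<ID>` comment above each `PatchNN:` line, as the `Patch25: mailman-CVE-2020-12137.patch` name already does implicitly, would let a reader audit CVE coverage from the spec alone.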
@@ -122,6 +123,8 @@ additional installation steps, these are described in:
 %patch24 -p1 -b .python_version
 %patch25 -p0 -b .cve_obj_mime
 %patch26 -p0 -b .bouncer_match
+%patch27 -p0 -b .login_injection
+%patch28 -p0 -b .options_injection
 
 #cp $RPM_SOURCE_DIR/mailman.INSTALL.REDHAT.in INSTALL.REDHAT.in
 cp %{SOURCE5} INSTALL.REDHAT.in
@@ -575,6 +578,9 @@ exit 0
 %dir %attr(775,root,%{mmgroup}) %{lockdir}
 
 %changelog
+* Wed Sep 30 2020 Pavel Zhukov <pzhukov@redhat.com> - 3:2.1.29-11
+- Fixes for  CVE-2020-12108 and CVE-2020-15011
+
 * Mon May 25 2020 Pavel Zhukov <pzhukov@redhat.com> - 3:2.1.29-10
 - Fix match patter to reduce false allocation