diff --git a/SOURCES/ncurses-cve-2019-17594.patch b/SOURCES/ncurses-cve-2019-17594.patch
new file mode 100644
index 0000000..ea9f208
--- /dev/null
+++ b/SOURCES/ncurses-cve-2019-17594.patch
@@ -0,0 +1,28 @@
+From snapshot 6.1-20191012
+
+diff --git a/ncurses/tinfo/comp_hash.c b/ncurses/tinfo/comp_hash.c
+index 21f165ca..a62d38f9 100644
+--- a/ncurses/tinfo/comp_hash.c
++++ b/ncurses/tinfo/comp_hash.c
+@@ -63,7 +63,9 @@ _nc_find_entry(const char *string,
+ 
+     hashvalue = data->hash_of(string);
+ 
+-    if (data->table_data[hashvalue] >= 0) {
++    if (hashvalue >= 0
++	&& (unsigned) hashvalue < data->table_size
++	&& data->table_data[hashvalue] >= 0) {
+ 
+ 	real_table = _nc_get_table(termcap);
+ 	ptr = real_table + data->table_data[hashvalue];
+@@ -96,7 +98,9 @@ _nc_find_type_entry(const char *string,
+     const HashData *data = _nc_get_hash_info(termcap);
+     int hashvalue = data->hash_of(string);
+ 
+-    if (data->table_data[hashvalue] >= 0) {
++    if (hashvalue >= 0
++	&& (unsigned) hashvalue < data->table_size
++	&& data->table_data[hashvalue] >= 0) {
+ 	const struct name_table_entry *const table = _nc_get_table(termcap);
+ 
+ 	ptr = table + data->table_data[hashvalue];
diff --git a/SOURCES/ncurses-cve-2019-17595.patch b/SOURCES/ncurses-cve-2019-17595.patch
new file mode 100644
index 0000000..eacf479
--- /dev/null
+++ b/SOURCES/ncurses-cve-2019-17595.patch
@@ -0,0 +1,16 @@
+From snapshot 6.1-20191012
+
+diff --git a/progs/dump_entry.c b/progs/dump_entry.c
+index d0e420ec..8a47084a 100644
+--- a/progs/dump_entry.c
++++ b/progs/dump_entry.c
+@@ -1136,7 +1136,8 @@ fmt_entry(TERMTYPE2 *tterm,
+ 				*d++ = '\\';
+ 				*d = ':';
+ 			    } else if (*d == '\\') {
+-				*++d = *s++;
++				if ((*++d = *s++) == '\0')
++				    break;
+ 			    }
+ 			    d++;
+ 			    *d = '\0';
diff --git a/SOURCES/ncurses-tputx.patch b/SOURCES/ncurses-tputx.patch
new file mode 100644
index 0000000..1f61580
--- /dev/null
+++ b/SOURCES/ncurses-tputx.patch
@@ -0,0 +1,15 @@
+From snapshot 6.1-20180630
+
+diff --git a/progs/tput.c b/progs/tput.c
+index fd051eb4..88e75799 100644
+--- a/progs/tput.c
++++ b/progs/tput.c
+@@ -293,7 +293,7 @@ main(int argc, char **argv)
+ 
+     term = getenv("TERM");
+ 
+-    while ((c = getopt(argc, argv, "ST:V")) != -1) {
++    while ((c = getopt(argc, argv, "ST:Vx")) != -1) {
+ 	switch (c) {
+ 	case 'S':
+ 	    cmdline = FALSE;
diff --git a/SPECS/ncurses.spec b/SPECS/ncurses.spec
index 4dfad01..ea8c22f 100644
--- a/SPECS/ncurses.spec
+++ b/SPECS/ncurses.spec
@@ -2,7 +2,7 @@
 Summary: Ncurses support utilities
 Name: ncurses
 Version: 6.1
-Release: 7.%{revision}%{?dist}
+Release: 9.%{revision}%{?dist}
 License: MIT
 Group: System Environment/Base
 URL: https://invisible-island.net/ncurses/ncurses.html
@@ -13,6 +13,9 @@ Patch8: ncurses-config.patch
 Patch9: ncurses-libs.patch
 Patch11: ncurses-urxvt.patch
 Patch12: ncurses-kbs.patch
+Patch13: ncurses-cve-2019-17594.patch
+Patch14: ncurses-cve-2019-17595.patch
+Patch15: ncurses-tputx.patch
 BuildRequires: gcc gcc-c++ gpm-devel pkgconfig
 
 Requires: %{name}-libs%{?_isa} = %{version}-%{release}
@@ -127,6 +130,9 @@ The ncurses-static package includes static libraries of the ncurses library.
 %patch9 -p1 -b .libs
 %patch11 -p1 -b .urxvt
 %patch12 -p1 -b .kbs
+%patch13 -p1 -b .cve-2019-17594
+%patch14 -p1 -b .cve-2019-17595
+%patch15 -p1 -b .tputx
 
 for f in ANNOUNCE; do
     iconv -f iso8859-1 -t utf8 -o ${f}{_,} &&
@@ -293,6 +299,13 @@ bzip2 NEWS
 %{_libdir}/lib*.a
 
 %changelog
+* Tue May 18 2021 Miroslav Lichvar <mlichvar@redhat.com> 6.1-9.20180224
+- fix tput to accept -x option (#1916340)
+
+* Tue May 18 2021 Miroslav Lichvar <mlichvar@redhat.com> 6.1-8.20180224
+- fix buffer overflow in terminfo entry hashtable (CVE-2019-17594)
+- handle missing character after backslash in terminfo entry (CVE-2019-17595)
+
 * Wed Jan 16 2019 Miroslav Lichvar <mlichvar@redhat.com> 6.1-7.20180224
 - disable stripping on program installation (#1665177)