diff --git a/SOURCES/nss-3.44-encrypt-update.patch b/SOURCES/nss-3.44-encrypt-update.patch
new file mode 100644
index 0000000..0c2441a
--- /dev/null
+++ b/SOURCES/nss-3.44-encrypt-update.patch
@@ -0,0 +1,21 @@
+# HG changeset patch
+# User Craig Disselkoen <cdisselk@cs.ucsd.edu>
+# Date 1574189697 25200
+#      Tue Nov 19 11:54:57 2019 -0700
+# Branch NSS_3_44_BRANCH
+# Node ID 60bca7c6dc6dc44579b9b3e0fb62ca3b82d92eec
+# Parent  64e55c9f658e2a75f0835d00a8a1cdc2f25c74d6
+Bug 1586176 - EncryptUpdate should use maxout not block size. r=franziskus
+
+diff --git a/lib/softoken/pkcs11c.c b/lib/softoken/pkcs11c.c
+--- a/lib/softoken/pkcs11c.c
++++ b/lib/softoken/pkcs11c.c
+@@ -1321,7 +1321,7 @@ NSC_EncryptUpdate(CK_SESSION_HANDLE hSes
+             }
+             /* encrypt the current padded data */
+             rv = (*context->update)(context->cipherInfo, pEncryptedPart,
+-                                    &padoutlen, context->blockSize, context->padBuf,
++                                    &padoutlen, maxout, context->padBuf,
+                                     context->blockSize);
+             if (rv != SECSuccess) {
+                 return sftk_MapCryptError(PORT_GetError());
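Review bot: The packaged changeset contains only the one-argument change to the padded-block `(*context->update)` call in NSC_EncryptUpdate and adds no regression test, so nothing in the build checks that an undersized output buffer is now refused instead of written past. Passing `maxout` is only a correct bound if it holds the space remaining in `pEncryptedPart` at this point. It is assigned outside the hunk, and the function body starts and ends outside it as well, so that cannot be confirmed from here. It would be worth checking that `maxout` is reduced by `padoutlen` after this call, before any later write into the same buffer. A comment above the call, such as `/* maxout is the caller's remaining output space; the cipher must fail rather than write past it */`, would record why the block size is no longer used as the limit.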
diff --git a/SPECS/nss.spec b/SPECS/nss.spec
index a9127cb..addd8fa 100644
--- a/SPECS/nss.spec
+++ b/SPECS/nss.spec
@@ -46,7 +46,7 @@ rpm.define(string.format("nss_release_tag NSS_%s_RTM",
 Summary:          Network Security Services
 Name:             nss
 Version:          %{nss_version}
-Release:          8%{?dist}
+Release:          9%{?dist}
 License:          MPLv2.0
 URL:              http://www.mozilla.org/projects/security/pki/nss/
 Requires:         nspr >= %{nspr_version}
@@ -147,6 +147,7 @@ Patch211:         nss-leading-zero.patch
 # Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=1515342
 Patch212:         nss-input-check.patch
 Patch213:         nss-3.44-missing-softokn-kdf.patch
+Patch218:         nss-3.44-encrypt-update.patch
 
 
 %description
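Review bot: `Patch218` is added without the `# Upstream:` reference line that `Patch212` carries, although the patch header names the upstream bug. Adding `# Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=1586176` above the new line would let a later rebase tell when the patch can be dropped. No `%prep` change appears in this diff, so the fix is only applied if the spec applies every declared patch automatically. That is worth confirming, since this patch addresses an out-of-bounds write. The number also jumps from 213 to 218; if 214–217 are reserved elsewhere, a brief comment saying so would avoid confusion.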
@@ -920,6 +921,9 @@ update-crypto-policies --no-reload &> /dev/null || :
 
 
 %changelog
+* Wed Dec  4 2019 Bob Relyea <rrelyea@redhat.com> - 3.44.0-9
+- Fix out-of-bounds write in NSC_EncryptUpdate (#1775912)
+
 * Thu Aug  8 2019 Bob Relyea <rrelyea@redhat.com> - 3.44.0-8
 - CKM_NSS_IKE1_APP_B_PRF_DERIVE was missing from the mechanism list, preventing
   PK11_Derive*() from using it. Add gtests for the PK11_Derive interface for