diff --git a/SOURCES/oniguruma-6.8.2-CVE-2019-13225-fix.patch b/SOURCES/oniguruma-6.8.2-CVE-2019-13225-fix.patch
new file mode 100644
index 0000000..ecddbd3
--- /dev/null
+++ b/SOURCES/oniguruma-6.8.2-CVE-2019-13225-fix.patch
@@ -0,0 +1,57 @@
+diff --git a/src/regcomp.c b/src/regcomp.c
+index f953ed1..ae2caeb 100644
+--- a/src/regcomp.c
++++ b/src/regcomp.c
+@@ -1131,8 +1131,9 @@ compile_length_enclosure_node(EnclosureNode* node, regex_t* reg)
+         len += tlen;
+       }
+ 
++      len += SIZE_OP_JUMP + SIZE_OP_ATOMIC_END;
++
+       if (IS_NOT_NULL(Else)) {
+-        len += SIZE_OP_JUMP;
+         tlen = compile_length_tree(Else, reg);
+         if (tlen < 0) return tlen;
+         len += tlen;
+@@ -1274,7 +1275,7 @@ compile_enclosure_node(EnclosureNode* node, regex_t* reg, ScanEnv* env)
+ 
+   case ENCLOSURE_IF_ELSE:
+     {
+-      int cond_len, then_len, jump_len;
++      int cond_len, then_len, else_len, jump_len;
+       Node* cond = NODE_ENCLOSURE_BODY(node);
+       Node* Then = node->te.Then;
+       Node* Else = node->te.Else;
+@@ -1291,8 +1292,7 @@ compile_enclosure_node(EnclosureNode* node, regex_t* reg, ScanEnv* env)
+       else
+         then_len = 0;
+ 
+-      jump_len = cond_len + then_len + SIZE_OP_ATOMIC_END;
+-      if (IS_NOT_NULL(Else)) jump_len += SIZE_OP_JUMP;
++      jump_len = cond_len + then_len + SIZE_OP_ATOMIC_END + SIZE_OP_JUMP;
+ 
+       r = add_opcode_rel_addr(reg, OP_PUSH, jump_len);
+       if (r != 0) return r;
+@@ -1307,9 +1307,19 @@ compile_enclosure_node(EnclosureNode* node, regex_t* reg, ScanEnv* env)
+       }
+ 
+       if (IS_NOT_NULL(Else)) {
+-        int else_len = compile_length_tree(Else, reg);
+-        r = add_opcode_rel_addr(reg, OP_JUMP, else_len);
+-        if (r != 0) return r;
++        else_len = compile_length_tree(Else, reg);
++        if (else_len < 0) return else_len;
++      }
++      else
++        else_len = 0;
++
++      r = add_opcode_rel_addr(reg, OP_JUMP, SIZE_OP_ATOMIC_END + else_len);
++      if (r != 0) return r;
++
++      r = add_opcode(reg, OP_ATOMIC_END);
++      if (r != 0) return r;
++
++      if (IS_NOT_NULL(Else)) {
+         r = compile_tree(Else, reg, env);
+       }
+     }
diff --git a/SPECS/oniguruma.spec b/SPECS/oniguruma.spec
index 9a77f9c..7d4c4a7 100644
--- a/SPECS/oniguruma.spec
+++ b/SPECS/oniguruma.spec
@@ -1,12 +1,15 @@
 Name:		oniguruma
 Version:	6.8.2
-Release:	1%{?dist}
+Release:	2%{?dist}
 Summary:	Regular expressions library
 
 Group:		System Environment/Libraries
 License:	BSD
 URL:		https://github.com/kkos/oniguruma/
 Source0:	https://github.com/kkos/oniguruma/releases/download/v%{version}/onig-%{version}.tar.gz
+# Backport https://src.fedoraproject.org/rpms/oniguruma/blob/f29/f/0100-Apply-CVE-2019-13325-fix-to-6.9.1.patch
+# (upstream: https://github.com/kkos/oniguruma/commit/c509265c5f6ae7264f7b8a8aae1cfa5fc59d108c)
+Patch100:	oniguruma-6.8.2-CVE-2019-13225-fix.patch
 
 %description
 Oniguruma is a regular expressions library.
@@ -42,6 +45,8 @@ for f in \
 done
 %endif
 
+%patch100 -p1 -b .CVE-2019-13225
+
 %build
 %configure \
     --disable-silent-rules \
@@ -97,6 +102,10 @@ find $RPM_BUILD_ROOT -name '*.la' \
 %{_libdir}/pkgconfig/%{name}.pc	
 
 %changelog
+* Fri Jun 26 2020 Jiri Kucera <jkucera@redhat.com> - 6.8.2-2
+- Fix CVE-2019-13225
+  Resolves: #1771052
+
 * Mon Apr 23 2018 Mamoru TASAKA <mtasaka@fedoraproject.org> - 6.8.2-1
 - 6.8.2