diff --git a/SOURCES/pcre2-10.32-Fix-crash-when-X-is-used-without-UTF-in-JIT.patch b/SOURCES/pcre2-10.32-Fix-crash-when-X-is-used-without-UTF-in-JIT.patch
new file mode 100644
index 0000000..c4232e8
--- /dev/null
+++ b/SOURCES/pcre2-10.32-Fix-crash-when-X-is-used-without-UTF-in-JIT.patch
@@ -0,0 +1,45 @@
+From 01d8a82b6333fac75799f475e1d543c2ba6d6744 Mon Sep 17 00:00:00 2001
+From: ph10 <ph10@6239d852-aaf2-0410-a92c-79f79f948069>
+Date: Mon, 13 May 2019 16:26:17 +0000
+Subject: [PATCH] Fix crash when \X is used without UTF in JIT.
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+git-svn-id: svn://vcs.exim.org/pcre2/code/trunk@1091 6239d852-aaf2-0410-a92c-79f79f948069
+Petr Písař: Ported to 10.32.
+
+Signed-off-by: Petr Písař <ppisar@redhat.com>
+---
+ testdata/testinput4  | 3 +++
+ testdata/testoutput4 | 4 ++++
+ 2 files changed, 7 insertions(+)
+
+diff --git a/testdata/testinput4 b/testdata/testinput4
+index a27b6af..8592666 100644
+--- a/testdata/testinput4
++++ b/testdata/testinput4
+@@ -2318,4 +2318,7 @@
+ /[^\x{100}-\x{ffff}]*[\x80-\xff]/i,utf
+     \x{99}\x{99}\x{99}
+ 
++/\X*/
++    \xF3aaa\xE4\xEA\xEB\xFEa
++
+ # End of testinput4
+diff --git a/testdata/testoutput4 b/testdata/testoutput4
+index ba3df37..0291149 100644
+--- a/testdata/testoutput4
++++ b/testdata/testoutput4
+@@ -3742,4 +3742,8 @@ No match
+     \x{99}\x{99}\x{99}
+  0: \x{99}\x{99}\x{99}
+ 
++/\X*/
++    \xF3aaa\xE4\xEA\xEB\xFEa
++ 0: \xf3aaa\xe4\xea\xeb\xfea
++
+ # End of testinput4
+-- 
+2.20.1
+
diff --git a/SOURCES/pcre2-10.32-Forgot-this-file-in-previous-commit.-Fixes-JIT-non-U.patch b/SOURCES/pcre2-10.32-Forgot-this-file-in-previous-commit.-Fixes-JIT-non-U.patch
new file mode 100644
index 0000000..e18e0af
--- /dev/null
+++ b/SOURCES/pcre2-10.32-Forgot-this-file-in-previous-commit.-Fixes-JIT-non-U.patch
@@ -0,0 +1,35 @@
+From 79fb8db65fa27070aac6dde8d6d468306ab6b9a9 Mon Sep 17 00:00:00 2001
+From: ph10 <ph10@6239d852-aaf2-0410-a92c-79f79f948069>
+Date: Mon, 13 May 2019 16:38:18 +0000
+Subject: [PATCH] Forgot this file in previous commit. Fixes JIT non-UTF bug.
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+git-svn-id: svn://vcs.exim.org/pcre2/code/trunk@1092 6239d852-aaf2-0410-a92c-79f79f948069
+Petr Písař: Ported to 10.32.
+
+Signed-off-by: Petr Písař <ppisar@redhat.com>
+---
+ src/pcre2_jit_compile.c | 5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+diff --git a/src/pcre2_jit_compile.c b/src/pcre2_jit_compile.c
+index 3cd3891..100b63c 100644
+--- a/src/pcre2_jit_compile.c
++++ b/src/pcre2_jit_compile.c
+@@ -7288,7 +7288,10 @@ int lgb, rgb, ricount;
+ PCRE2_SPTR bptr;
+ uint32_t c;
+ 
+-GETCHARINC(c, cc);
++/* Patch by PH */
++/* GETCHARINC(c, cc); */
++
++c = *cc++;
+ lgb = UCD_GRAPHBREAK(c);
+ 
+ while (cc < end_subject)
+-- 
+2.20.1
+
diff --git a/SPECS/pcre2.spec b/SPECS/pcre2.spec
index 743aabe..df3f0aa 100644
--- a/SPECS/pcre2.spec
+++ b/SPECS/pcre2.spec
@@ -9,7 +9,7 @@
 #%%global rcversion RC1
 Name:       pcre2
 Version:    10.32
-Release:    %{?rcversion:0.}1%{?rcversion:.%rcversion}%{?dist}
+Release:    %{?rcversion:0.}2%{?rcversion:.%rcversion}%{?dist}
 %global     myversion %{version}%{?rcversion:-%rcversion}
 Summary:    Perl-compatible regular expression library
 # the library:                          BSD with exceptions
@@ -62,6 +62,12 @@ Patch3:     pcre2-10.32-Fix-zero-repeated-subroutine-call-at-start-of-patter.pat
 # Fix heap limit checking overflow in pcre2_dfa_match(), upstream bug #2334,
 # bug#1628200, in upstream after 10.32
 Patch4:     pcre2-10.32-Fix-heap-limit-checking-overflow-bug-in-pcre2_dfa_ma.patch
+# 1/2 Fix CVE-2019-20454 (a crash when \X is used without UTF mode in a JIT),
+# upstream bug #2399, bug #1734468, in upstream after 10.33
+Patch5:     pcre2-10.32-Fix-crash-when-X-is-used-without-UTF-in-JIT.patch
+# 2/2 Fix CVE-2019-20454 (a crash when \X is used without UTF mode in a JIT),
+# upstream bug #2399, bug #1734468, in upstream after 10.33
+Patch6:     pcre2-10.32-Forgot-this-file-in-previous-commit.-Fixes-JIT-non-U.patch
 BuildRequires:  autoconf
 BuildRequires:  automake
 BuildRequires:  coreutils
@@ -142,6 +148,8 @@ Utilities demonstrating PCRE2 capabilities like pcre2grep or pcre2test.
 %patch2 -p1
 %patch3 -p1
 %patch4 -p1
+%patch5 -p1
+%patch6 -p1
 # Because of multilib patch
 libtoolize --copy --force
 autoreconf -vif
@@ -243,6 +251,10 @@ make %{?_smp_mflags} check VERBOSE=yes
 %{_mandir}/man1/pcre2test.*
 
 %changelog
+* Mon May 13 2019 Petr Pisar <ppisar@redhat.com> - 10.32-2
+- Fix CVE-2019-20454 (a crash when \X is used without UTF mode in a JIT)
+  (bug #1734468)
+
 * Fri Dec 07 2018 Petr Pisar <ppisar@redhat.com> - 10.32-1
 - 10.32 bump (bug #1628200)
 - Fix a subject buffer overread in JIT when UTF is disabled and \X or \R has