diff --git a/SOURCES/version-0.9907-Deal-with-certain-tiedscalars-e.g.-created-by-Readon.patch b/SOURCES/version-0.9907-Deal-with-certain-tiedscalars-e.g.-created-by-Readon.patch
new file mode 100644
index 0000000..23abd59
--- /dev/null
+++ b/SOURCES/version-0.9907-Deal-with-certain-tiedscalars-e.g.-created-by-Readon.patch
@@ -0,0 +1,58 @@
+From c286e6d3aa2ecfc311027427c95607ceccb85fae Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?=
+Date: Tue, 27 Sep 2016 15:56:59 +0200
+Subject: [PATCH 1/2] Deal with certain tiedscalars (e.g. created by
+ Readonly::XS)
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Upstream commit:
+
+changeset: 480:efb44fbc6bd8
+user: John Peacock
+date: Sat Feb 01 13:30:16 2014 -0500
+summary: Deal with certain tiedscalars (e.g. created by Readonly::XS).
+
+ported from 0.9908 to 0.9907.
+
+This is necessary to accept tainted input on perl older than 5.17.2.
+
+Signed-off-by: Petr Písař
+---
+ vutil/vutil.c | 12 ++++++++++--
+ 1 file changed, 10 insertions(+), 2 deletions(-)
+
+diff --git a/vutil/vutil.c b/vutil/vutil.c
+index 7979c49..c5edb10 100644
+--- a/vutil/vutil.c
++++ b/vutil/vutil.c
+@@ -555,7 +555,11 @@ Perl_upg_version(pTHX_ SV *ver, bool qv)
+
+ PERL_ARGS_ASSERT_UPG_VERSION;
+
+- if ( SvNOK(ver) && !( SvPOK(ver) && SvCUR(ver) == 3 ) )
++ if ( ( SvNOK(ver)
++#if PERL_VERSION_LT(5,17,2)
++ || (SvTYPE(ver) == SVt_PVMG && SvNOKp(ver))
++#endif
++ ) && !( SvPOK(ver) && SvCUR(ver) == 3 ) )
+ {
+ STRLEN len;
+
+@@ -602,7 +606,11 @@ Perl_upg_version(pTHX_ SV *ver, bool qv)
+ version = savesvpv(ver);
+ SAVEFREEPV(version);
+ }
+- else if ( SvPOK(ver) )/* must be a string or something like a string */
++ else if ( SvPOK(ver)
++#if PERL_VERSION_LT(5,17,2)
++ || (SvTYPE(ver) == SVt_PVMG && SvPOKp(ver))
++#endif
++ )/* must be a string or something like a string */
+ {
+ STRLEN len;
+ version = savepvn(SvPV(ver,len), SvCUR(ver));
+--
+2.7.4
+
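Review bot: In the inner hunk at `@@ -602,7 +606,11 @@`, the widened condition lets magical scalars (`SvTYPE(ver) == SVt_PVMG && SvPOKp(ver)`) reach the unchanged context line `version = savepvn(SvPV(ver,len), SvCUR(ver));`, whose two arguments are evaluated in an unspecified order. For such scalars `SvPV` is expected to run get-magic, so a length read before that call may not match the buffer it returns. I would take the pointer and the length from the same fetch: `const char *pv = SvPV(ver, len);` followed by `version = savepvn(pv, len);`. The body of `Perl_upg_version` extends beyond both inner hunks, so this is inferred from the visible lines only.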
diff --git a/SOURCES/version-0.9907-Stringify-tainted-version-object-on-perl-older-than-.patch b/SOURCES/version-0.9907-Stringify-tainted-version-object-on-perl-older-than-.patch
new file mode 100644
index 0000000..4d266ce
--- /dev/null
+++ b/SOURCES/version-0.9907-Stringify-tainted-version-object-on-perl-older-than-.patch
@@ -0,0 +1,45 @@
+From 4ee6d47e40a527e4c233362109985a421d784c2d Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?=
+Date: Tue, 27 Sep 2016 16:03:16 +0200
+Subject: [PATCH 2/2] Stringify tainted version object on perl older than
+ 5.17.2
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Since version-0.9908, version->new() accepts tainted input after
+4bac9ae47b5ad7845a24e26b0e95609805de688a change (Magic flags
+harmonization) in perl 5.17.2.
+
+But it cannot stringify resultin version object and returns undef
+instead.
+
+This patch adds support for the stringification.
+
+CPAN RT#118087
+
+Signed-off-by: Petr Písař
+---
+ vutil/vutil.c | 6 +++++-
+ 1 file changed, 5 insertions(+), 1 deletion(-)
+
+diff --git a/vutil/vutil.c b/vutil/vutil.c
+index c5edb10..f17fb0a 100644
+--- a/vutil/vutil.c
++++ b/vutil/vutil.c
+@@ -916,7 +916,11 @@ Perl_vstringify(pTHX_ SV *vs)
+ if (svp) {
+ SV *pv;
+ pv = *svp;
+- if ( SvPOK(pv) )
++ if ( SvPOK(pv)
++#if PERL_VERSION_LT(5,17,2)
++ || SvPOKp(pv)
++#endif
++ )
+ return newSVsv(pv);
+ else
+ return &PL_sv_undef;
+--
+2.7.4
+
diff --git a/SPECS/perl-version.spec b/SPECS/perl-version.spec
index b6e17b5..9a49cf7 100644
--- a/SPECS/perl-version.spec
+++ b/SPECS/perl-version.spec
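Review bot: The `#if PERL_VERSION_LT(5,17,2)` branch added to `Perl_vstringify` carries no comment saying why the private flag is accepted; the reason lives only in the patch description. I would add above the guard `/* before perl 5.17.2 a magical (e.g. tainted) SV may carry only the private SvPOKp flag */`. The inner patch touches only `vutil/vutil.c`, so nothing visible here checks that the copy returned by `newSVsv(pv)` is still tainted when the input was. A regression test for CPAN RT#118087 asserting that would guard against the taint marking being lost on this path. `Perl_vstringify` starts and ends outside the hunk.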
@@ -2,12 +2,17 @@ Name: perl-version
 Epoch: 3
 Version: 0.99.07
 %global module_version 0.9907
-Release: 2%{?dist}
+Release: 3%{?dist}
 Summary: Perl extension for Version Objects
 License: GPL+ or Artistic
 Group: Development/Libraries
 URL: http://search.cpan.org/dist/version/
 Source0: http://www.cpan.org/authors/id/J/JP/JPEACOCK/version-%{module_version}.tar.gz
+# Support parsing tainted values, bug #1378885, in upstream 0.9908
+Patch0: version-0.9907-Deal-with-certain-tiedscalars-e.g.-created-by-Readon.patch
+# Support stringifying version objects made from a tainted value, bug #1378885,
+# CPAN RT#118087
+Patch1: version-0.9907-Stringify-tainted-version-object-on-perl-older-than-.patch
 BuildRequires: perl
 BuildRequires: perl(base)
 BuildRequires: perl(Carp)
@@ -49,6 +54,8 @@ strongly urged to set 0.77 as a minimum in your code.
 %prep
 %setup -q -n version-%{module_version}
+%patch0 -p1
+%patch1 -p1
 %build
 perl Makefile.PL INSTALLDIRS=vendor OPTIMIZE="%{optflags}"
@@ -77,6 +84,9 @@ make test
 %{_mandir}/man3/version::Internals.3pm*
 %changelog
+* Tue Sep 27 2016 Petr Pisar - 3:0.99.07-3
+- Support making version objects from tainted strings (bug #1378885)
+
 * Fri Jan 24 2014 Daniel Mach - 3:0.99.07-2
 - Mass rebuild 2014-01-24