diff --git a/SOURCES/CVE-2022-22815_CVE-2022-22816.patch b/SOURCES/CVE-2022-22815_CVE-2022-22816.patch
new file mode 100644
index 0000000..bbe0e43
--- /dev/null
+++ b/SOURCES/CVE-2022-22815_CVE-2022-22816.patch
@@ -0,0 +1,66 @@
+diff --git a/Tests/test_imagepath.py b/Tests/test_imagepath.py
+index beadff1..a0dee28 100644
+--- a/Tests/test_imagepath.py
++++ b/Tests/test_imagepath.py
+@@ -47,3 +47,8 @@ def test_path():
+     assert_equal(list(p), [(0.0, 1.0)])
+     p = ImagePath.Path(array.array("f", [0, 1]).tostring())
+     assert_equal(list(p), [(0.0, 1.0)])
++
++def test_getbbox():
++    for coords in (0,1):
++        p = ImagePath.Path(coords)
++        assert_equal(p.getbbox(), (0.0, 0.0, 0.0, 0.0))
+diff --git a/path.c b/path.c
+index 871da93..059e738 100644
+--- a/path.c
++++ b/path.c
+@@ -57,7 +57,7 @@ alloc_array(Py_ssize_t count)
+         PyErr_NoMemory();
+         return NULL;
+     }
+-    xy = malloc(2 * count * sizeof(double) + 1);
++    xy = calloc(2 * count + 1, sizeof(double));
+     if (!xy)
+         PyErr_NoMemory();
+     return xy;
+@@ -336,18 +336,27 @@ path_getbbox(PyPathObject* self, PyObject* args)
+ 
+     xy = self->xy;
+ 
+-    x0 = x1 = xy[0];
+-    y0 = y1 = xy[1];
+-
+-    for (i = 1; i < self->count; i++) {
+-	if (xy[i+i] < x0)
+-	    x0 = xy[i+i];
+-	if (xy[i+i] > x1)
+-	    x1 = xy[i+i];
+-	if (xy[i+i+1] < y0)
+-	    y0 = xy[i+i+1];
+-	if (xy[i+i+1] > y1)
+-	    y1 = xy[i+i+1];
++    if (self->count == 0) {
++        x0 = x1 = 0;
++        y0 = y1 = 0;
++    } else {
++        x0 = x1 = xy[0];
++        y0 = y1 = xy[1];
++
++        for (i = 1; i < self->count; i++) {
++            if (xy[i + i] < x0) {
++                x0 = xy[i + i];
++            }
++            if (xy[i + i] > x1) {
++                x1 = xy[i + i];
++            }
++            if (xy[i + i + 1] < y0) {
++                y0 = xy[i + i + 1];
++            }
++            if (xy[i + i + 1] > y1) {
++                y1 = xy[i + i + 1];
++            }
++        }
+     }
+ 
+     return Py_BuildValue("dddd", x0, y0, x1, y1);
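Review bot: The switch to `calloc` in alloc_array is what stops `ImagePath.Path(1).getbbox()` from returning uninitialized heap contents, but the patched line carries no comment saying so, and a later cleanup could swap it back to `malloc`. I would add `/* zero-fill: a Path built from an integer count is readable before any coordinate is written */` above `xy = calloc(2 * count + 1, sizeof(double));`. The new test_getbbox only checks the zero bounding box for counts 0 and 1 through getbbox(). Whether other readers of `self->xy` in path.c handle `count == 0` cannot be told from these hunks, since both alloc_array and path_getbbox begin outside them.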
diff --git a/SOURCES/CVE-2022-22817.patch b/SOURCES/CVE-2022-22817.patch
new file mode 100644
index 0000000..ca8bc4e
--- /dev/null
+++ b/SOURCES/CVE-2022-22817.patch
@@ -0,0 +1,41 @@
+diff --git a/PIL/ImageMath.py b/PIL/ImageMath.py
+index 6548b03..5312207 100644
+--- a/PIL/ImageMath.py
++++ b/PIL/ImageMath.py
+@@ -219,7 +219,18 @@ def eval(expression, _dict={}, **kw):
+         if hasattr(v, "im"):
+             args[k] = _Operand(v)
+ 
+-    out = builtins.eval(expression, args)
++    compiled_code = compile(expression, "<string>", "eval")
++    def scan(code):
++        for const in code.co_consts:
++            if type(const) == type(compiled_code):
++                scan(const)
++
++        for name in code.co_names:
++            if name not in args and name != "abs":
++                raise ValueError("'{0}' not allowed".format(name))
++
++    scan(compiled_code)
++    out = builtins.eval(expression, {"__builtins": {"abs": abs}}, args)
+     try:
+         return out.im
+     except AttributeError:
+diff --git a/Tests/test_imagemath.py b/Tests/test_imagemath.py
+index eaeb711..da9d1d7 100644
+--- a/Tests/test_imagemath.py
++++ b/Tests/test_imagemath.py
+@@ -45,6 +45,12 @@ def test_ops():
+     assert_equal(pixel(ImageMath.eval("float(B)**2", images)), "F 4.0")
+     assert_equal(pixel(ImageMath.eval("float(B)**33", images)), "F 8589934592.0")
+ 
++def test_logical():
++    assert_exception(ValueError, ImageMath.eval("exit()"))
++    assert_exception(ValueError, ImageMath.eval("(lambda:(exit()))()"))
++    assert_exception(ValueError, ImageMath.eval("(lambda:(exit())())()"))
++
++
+ def test_logical():
+     assert_equal(pixel(ImageMath.eval("not A", images)), 0)
+     assert_equal(pixel(ImageMath.eval("A and B", images)), "L 2")
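Review bot: The globals dict on the new `builtins.eval` line uses the key `"__builtins"`, which Python does not recognise; because `"__builtins__"` is absent, eval inserts the real builtins module, so the intended allow-list of `abs` has no effect and the `co_names` scan is the only restriction left. The line should read `out = builtins.eval(expression, {"__builtins__": {"abs": abs}}, args)` (the body of `eval` starts and ends outside this hunk). In the Tests/test_imagemath.py part, the added function is named `test_logical` like the existing one directly below it, so the later definition replaces it and the three new checks most likely never run; they also call `ImageMath.eval(...)` eagerly instead of handing over a callable. Renaming the new function and wrapping each call, e.g. `assert_exception(ValueError, lambda: ImageMath.eval("exit()"))`, would make the regression test effective, assuming assert_exception takes a callable as its second argument.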
diff --git a/SPECS/python-pillow.spec b/SPECS/python-pillow.spec
index c107b13..0aeef05 100644
--- a/SPECS/python-pillow.spec
+++ b/SPECS/python-pillow.spec
@@ -1,4 +1,4 @@
-%global py2_incdir %{_includedir}/python%{python_version}
+%global py2_incdir %{_includedir}/python%{python2_version}
 %global py3_incdir %{_includedir}/python%{python3_version}
 
 %global name3 python3-pillow
@@ -23,7 +23,7 @@
 
 Name:           python-pillow
 Version:        2.0.0
-Release:        21%{?snap}%{?dist}
+Release:        23%{?snap}%{?dist}
 Summary:        Python image processing library
 
 # License: see http://www.pythonware.com/products/pil/license.htm
@@ -53,6 +53,21 @@ Patch4:         CVE-2020-5312_CVE-2019-16865.patch
 # Upstream fix: https://github.com/python-pillow/Pillow/commit/a09acd0decd8a87ccce939d5ff65dab59e7d365b?patch
 # Tracking bug: https://bugzilla.redhat.com/show_bug.cgi?id=1789532
 Patch5:         CVE-2020-5313.patch
+# CVE-2022-22817: PIL.ImageMath.eval allows evaluation of arbitrary expressions
+# Upstream fixes:
+# https://github.com/python-pillow/Pillow/commit/8531b01d6cdf0b70f256f93092caa2a5d91afc11
+# https://github.com/python-pillow/Pillow/commit/f84ab3bb8a0a196a52e8a76bebed2853362629de
+# Tracking bug: https://bugzilla.redhat.com/show_bug.cgi?id=2042527
+Patch19:        CVE-2022-22817.patch
+# CVE-2022-22815 python-pillow: improperly initializes ImagePath.Path in path_getbbox() in path.c
+# CVE-2022-22816 python-pillow: buffer over-read during initialization of ImagePath.Path in path_getbbox() in path.c
+# Upstream fix: https://github.com/python-pillow/Pillow/commit/5543e4e2d409cd9e409bc64cdc77be0af007a31f
+# Memory issue fix: https://github.com/python-pillow/Pillow/pull/5958
+# Tracking bugs:
+# https://bugzilla.redhat.com/show_bug.cgi?id=2042511
+# https://bugzilla.redhat.com/show_bug.cgi?id=2042522
+Patch20:        CVE-2022-22815_CVE-2022-22816.patch
+
 
 BuildRequires:  python2-devel
 BuildRequires:  python-setuptools
@@ -86,7 +101,7 @@ Obsoletes:      python-imaging <= 1.1.7-12
 Provides:       python3-imaging = %{version}-%{release}
 %endif
 
-%filter_provides_in %{python_sitearch}
+%filter_provides_in %{python2_sitearch}
 %filter_provides_in %{python3_sitearch}
 %filter_setup
 
@@ -222,6 +237,8 @@ PIL image wrapper for Qt.
 %patch3 -p1 -b .memleaks
 %patch4 -p2 -b .cves
 %patch5 -p2 -b .cve_2020_5313
+%patch19 -p1 -b .CVE-2022-22817
+%patch20 -p1 -b .CVE-2022-22815_CVE-2022-22816
 
 %if %{with_python3}
 # Create Python 3 source tree
@@ -232,11 +249,11 @@ cp -a . %{py3dir}
 
 %build
 # Build Python 2 modules
-find -name '*.py' | xargs sed -i '1s|^#!.*python|#!%{__python}|'
-CFLAGS="$RPM_OPT_FLAGS" %{__python} setup.py build
+find -name '*.py' | xargs sed -i '1s|^#!.*python|#!%{__python2}|'
+CFLAGS="$RPM_OPT_FLAGS" %{__python2} setup.py build
 
 pushd Sane
-CFLAGS="$RPM_OPT_FLAGS" %{__python} setup.py build
+CFLAGS="$RPM_OPT_FLAGS" %{__python2} setup.py build
 popd
 
 pushd docs
@@ -268,9 +285,9 @@ rm -rf $RPM_BUILD_ROOT
 # Install Python 2 modules
 install -d $RPM_BUILD_ROOT/%{py2_incdir}/Imaging
 install -m 644 libImaging/*.h $RPM_BUILD_ROOT/%{py2_incdir}/Imaging
-%{__python} setup.py install --skip-build --root $RPM_BUILD_ROOT
+%{__python2} setup.py install --skip-build --root $RPM_BUILD_ROOT
 pushd Sane
-%{__python} setup.py install --skip-build --root $RPM_BUILD_ROOT
+%{__python2} setup.py install --skip-build --root $RPM_BUILD_ROOT
 popd
 
 %if %{with_python3}
@@ -291,16 +308,16 @@ rm -rf $RPM_BUILD_ROOT%{_bindir}
 
 %check
 # Check Python 2 modules
-ln -s $PWD/Images $RPM_BUILD_ROOT%{python_sitearch}/Images
-ln -s $PWD/Tests $RPM_BUILD_ROOT%{python_sitearch}/Tests
-ln -s $PWD/selftest.py $RPM_BUILD_ROOT%{python_sitearch}/selftest.py
-pushd $RPM_BUILD_ROOT%{python_sitearch}
-%{__python} selftest.py
-%{__python} Tests/run.py
+ln -s $PWD/Images $RPM_BUILD_ROOT%{python2_sitearch}/Images
+ln -s $PWD/Tests $RPM_BUILD_ROOT%{python2_sitearch}/Tests
+ln -s $PWD/selftest.py $RPM_BUILD_ROOT%{python2_sitearch}/selftest.py
+pushd $RPM_BUILD_ROOT%{python2_sitearch}
+%{__python2} selftest.py
+%{__python2} Tests/run.py
 popd
-rm $RPM_BUILD_ROOT%{python_sitearch}/Images
-rm $RPM_BUILD_ROOT%{python_sitearch}/Tests
-rm $RPM_BUILD_ROOT%{python_sitearch}/selftest.py*
+rm $RPM_BUILD_ROOT%{python2_sitearch}/Images
+rm $RPM_BUILD_ROOT%{python2_sitearch}/Tests
+rm $RPM_BUILD_ROOT%{python2_sitearch}/selftest.py*
 
 %if %{with_python3}
 # Check Python 3 modules
@@ -321,13 +338,13 @@ popd
 
 %files
 %doc README.rst docs/HISTORY.txt COPYING
-%{python_sitearch}/*
+%{python2_sitearch}/*
 # These are in subpackages
-%exclude %{python_sitearch}/*sane*
-%exclude %{python_sitearch}/_imagingtk*
-%exclude %{python_sitearch}/PIL/ImageTk*
-%exclude %{python_sitearch}/PIL/SpiderImagePlugin*
-%exclude %{python_sitearch}/PIL/ImageQt*
+%exclude %{python2_sitearch}/*sane*
+%exclude %{python2_sitearch}/_imagingtk*
+%exclude %{python2_sitearch}/PIL/ImageTk*
+%exclude %{python2_sitearch}/PIL/SpiderImagePlugin*
+%exclude %{python2_sitearch}/PIL/ImageQt*
 
 %files devel
 %{py2_incdir}/Imaging/
@@ -337,15 +354,15 @@ popd
 
 %files sane
 %doc Sane/CHANGES Sane/demo*.py Sane/sanedoc.txt
-%{python_sitearch}/*sane*
+%{python2_sitearch}/*sane*
 
 %files tk
-%{python_sitearch}/_imagingtk*
-%{python_sitearch}/PIL/ImageTk*
-%{python_sitearch}/PIL/SpiderImagePlugin*
+%{python2_sitearch}/_imagingtk*
+%{python2_sitearch}/PIL/ImageTk*
+%{python2_sitearch}/PIL/SpiderImagePlugin*
 
 %files qt
-%{python_sitearch}/PIL/ImageQt*
+%{python2_sitearch}/PIL/ImageQt*
 
 %if %{with_python3}
 %files -n %{name3}
@@ -379,6 +396,15 @@ popd
 %endif
 
 %changelog
+* Fri Feb 11 2022 Charalampos Stratakis <cstratak@redhat.com> - 2.0.0-23gitd1c6db8
+- Fixup for CVE-2022-22817
+- Security fixes for CVE-2022-22815, CVE-2022-22816
+Resolves: rhbz#2042522
+
+* Fri Feb 04 2022 Charalampos Stratakis <cstratak@redhat.com> - 2.0.0-22gitd1c6db8
+- Fix for CVE-2022-22817
+Resolves: rhbz#2042527
+
 * Wed Mar 04 2020 Lumír Balhar <lbalhar@redhat.com> - 2.0.0-21gitd1c6db8
 - Fix for CVE-2020-5313
 Resolves: rhbz#1789532