diff --git a/SOURCES/add-boundary-check.patch b/SOURCES/add-boundary-check.patch
new file mode 100644
index 0000000..4c926e1
--- /dev/null
+++ b/SOURCES/add-boundary-check.patch
@@ -0,0 +1,71 @@
+diff -up simplejson-3.2.0/simplejson/_speedups.c.ms simplejson-3.2.0/simplejson/_speedups.c
+--- simplejson-3.2.0/simplejson/_speedups.c.ms	2015-05-18 11:40:07.477164704 +0200
++++ simplejson-3.2.0/simplejson/_speedups.c	2015-05-18 11:40:10.415183894 +0200
+@@ -2166,7 +2166,7 @@ scan_once_str(PyScannerObject *s, PyObje
+     Py_ssize_t length = PyString_GET_SIZE(pystr);
+     PyObject *rval = NULL;
+     int fallthrough = 0;
+-    if (idx >= length) {
++    if (idx < 0 || idx >= length) {
+ 	raise_errmsg(ERR_EXPECTING_VALUE, pystr, idx);
+         return NULL;
+     }
+@@ -2274,7 +2274,7 @@ scan_once_unicode(PyScannerObject *s, Py
+     Py_ssize_t length = PyUnicode_GetLength(pystr);
+     PyObject *rval = NULL;
+     int fallthrough = 0;
+-    if (idx >= length) {
++    if (idx < 0 || idx >= length) {
+ 	raise_errmsg(ERR_EXPECTING_VALUE, pystr, idx);
+         return NULL;
+     }
+diff --git a/simplejson/decoder.py b/simplejson/decoder.py
+index 38cb027..1a6c5d9 100644
+--- a/simplejson/decoder.py
++++ b/simplejson/decoder.py
+@@ -384,6 +384,10 @@ def raw_decode(self, s, idx=0, _w=WHITESPACE.match, _PY3=PY3):
+         have extraneous data at the end.
+ 
+         """
++        if idx < 0:
++            # Ensure that raw_decode bails on negative indexes, the regex
++            # would otherwise mask this behavior. #98
++            raise JSONDecodeError('Expecting value', s, idx)
+         if _PY3 and not isinstance(s, text_type):
+             raise TypeError("Input string must be text, not bytes")
+         return self.scan_once(s, idx=_w(s, idx).end())
+diff --git a/simplejson/scanner.py b/simplejson/scanner.py
+index b7918b3..5abed35 100644
+--- a/simplejson/scanner.py
++++ b/simplejson/scanner.py
+@@ -118,6 +118,11 @@ def _scan_once(string, idx):
+             raise JSONDecodeError(errmsg, string, idx)
+ 
+     def scan_once(string, idx):
++        if idx < 0:
++            # Ensure the same behavior as the C speedup, otherwise
++            # this would work for *some* negative string indices due
++            # to the behavior of __getitem__ for strings. #98
++            raise JSONDecodeError('Expecting value', string, idx)
+         try:
+             return _scan_once(string, idx)
+         finally:
+diff --git a/simplejson/tests/test_decode.py b/simplejson/tests/test_decode.py
+index ea5c90a..30b692a 100644
+--- a/simplejson/tests/test_decode.py
++++ b/simplejson/tests/test_decode.py
+@@ -86,3 +86,14 @@ def test_raw_decode(self):
+         self.assertEqual(
+             ({'a': {}}, 11),
+             cls().raw_decode(" \n{\"a\": {}}"))
++
++    def test_bounds_checking(self):
++        # https://github.com/simplejson/simplejson/issues/98
++        j = json.decoder.JSONDecoder()
++        for i in [4, 5, 6, -1, -2, -3, -4, -5, -6]:
++            self.assertRaises(ValueError, j.scan_once, '1234', i)
++            self.assertRaises(ValueError, j.raw_decode, '1234', i)
++        x, y = sorted(['128931233', '472389423'], key=id)
++        diff = id(x) - id(y)
++        self.assertRaises(ValueError, j.scan_once, y, diff)
++        self.assertRaises(ValueError, j.raw_decode, y, i)
diff --git a/SPECS/python-simplejson.spec b/SPECS/python-simplejson.spec
index 7820f3c..6d9ee3c 100644
--- a/SPECS/python-simplejson.spec
+++ b/SPECS/python-simplejson.spec
@@ -4,7 +4,7 @@
 Name:           %{?scl_prefix}python-simplejson
 
 Version:        3.2.0
-Release:        2%{?dist}
+Release:        3%{?dist}
 Summary:        Simple, fast, extensible JSON encoder/decoder for Python
 
 Group:          System Environment/Libraries
@@ -15,6 +15,9 @@ URL:            http://undefined.org/python/#simplejson
 Source0:        http://pypi.python.org/packages/source/s/simplejson/simplejson-%{version}.tar.gz
 BuildRoot:      %{_tmppath}/%{pkg_name}-%{version}-%{release}-root-%(%{__id_u} -n)
 
+# Fix for CVE-2014-461
+Patch0:         add-boundary-check.patch
+
 BuildRequires:  %{?scl_prefix}python2-devel
 BuildRequires:  %{?scl_prefix}python-setuptools
 BuildRequires:  %{?scl_prefix}python-nose
@@ -42,6 +45,8 @@ python stdlib.
 %prep
 %setup -q -n simplejson-%{version}
 
+%patch0 -p1
+
 
 %build
 %{?scl:scl enable %{scl} - << \EOF}
@@ -73,6 +78,10 @@ rm -rf %{buildroot}
 %{python_sitearch}/*
 
 %changelog
+* Mon May 18 2015 Matej Stuchlik <mstuchli@redhat.com> - 3.2.0-3
+- Fix CVE-2014-461, add boundary checks
+Resolves: rhbz#1222534
+
 * Fri Nov 08 2013 Robert Kuska <rkuska@redhat.com> - 3.2.0-2
 - Bump release number to avoid conflict with rhel-7.0