diff --git a/SOURCES/CVE-2019-12384.patch b/SOURCES/CVE-2019-12384.patch
new file mode 100644
index 0000000..18fd974
--- /dev/null
+++ b/SOURCES/CVE-2019-12384.patch
@@ -0,0 +1,19 @@
+From c9ef4a10d6f6633cf470d6a469514b68fa2be234 Mon Sep 17 00:00:00 2001
+From: Tatu Saloranta <tatu.saloranta@iki.fi>
+Date: Wed, 12 Jun 2019 22:20:12 -0700
+Subject: [PATCH] Fix #2334
+
+diff -uap jackson-databind-jackson-databind-2.7.6/src/main/java/com/fasterxml/jackson/databind/jsontype/impl/SubTypeValidator.java.orig jackson-databind-jackson-databind-2.7.6/src/main/java/com/fasterxml/jackson/databind/jsontype/impl/SubTypeValidator.java
+--- jackson-databind-jackson-databind-2.7.6/src/main/java/com/fasterxml/jackson/databind/jsontype/impl/SubTypeValidator.java.orig	2019-07-10 09:33:56.504230811 +0100
++++ jackson-databind-jackson-databind-2.7.6/src/main/java/com/fasterxml/jackson/databind/jsontype/impl/SubTypeValidator.java	2019-07-10 09:37:41.094929667 +0100
+@@ -72,6 +72,10 @@ public class SubTypeValidator
+         s.add("org.apache.openjpa.ee.JNDIManagedRuntime");
+         // CVE-2018-19362
+         s.add("org.jboss.util.propertyeditor.DocumentEditor");
++
++        // [databind#2334] (2.9.9.1): logback-core
++        s.add("ch.qos.logback.core.db.DriverManagerConnectionSource");
++
+         DEFAULT_NO_DESER_CLASS_NAMES = Collections.unmodifiableSet(s);
+     }
+ 
diff --git a/SPECS/jackson-databind.spec b/SPECS/jackson-databind.spec
index db71a98..c9746b9 100644
--- a/SPECS/jackson-databind.spec
+++ b/SPECS/jackson-databind.spec
@@ -3,7 +3,7 @@
 
 Name:          %{?scl_prefix}jackson-databind
 Version:       2.7.6
-Release:       2.5%{?dist}
+Release:       2.6%{?dist}
 Summary:       General data-binding package for Jackson (2.x)
 License:       ASL 2.0 and LGPLv2+
 URL:           http://wiki.fasterxml.com/JacksonHome
@@ -22,6 +22,7 @@ Patch10:       CVE-2018-14721.patch
 Patch11:       CVE-2018-19360.patch
 Patch12:       CVE-2018-19361.patch
 Patch13:       CVE-2018-19362.patch
+Patch14:       CVE-2019-12384.patch
 
 BuildRequires: %{?scl_prefix}maven-local
 BuildRequires: %{?scl_prefix}mvn(com.fasterxml.jackson:jackson-parent:pom:)
@@ -60,6 +61,7 @@ This package contains javadoc for %{pkg_name}.
 %patch11 -p1
 %patch12 -p1
 %patch13 -p1
+%patch14 -p1
 
 cp -p src/main/resources/META-INF/LICENSE .
 cp -p src/main/resources/META-INF/NOTICE .
@@ -98,6 +100,9 @@ rm src/test/java/com/fasterxml/jackson/databind/ser/TestJdkTypes.java \
 %license LICENSE NOTICE
 
 %changelog
+* Wed Jul 10 2019 Joe Orton <jorton@redhat.com> - 2.7.6-2.6
+- fix CVE-2019-12384
+
 * Tue Apr 02 2019 Mikolaj Izdebski <mizdebsk@redhat.com> - 2.7.6-2.5
 - Fix various security flaws
 - Resolves: CVE-2018-11307, CVE-2018-12022, CVE-2018-12023,