diff --git a/SOURCES/rubygems-2.2.4-Limit-API-endpoint-to-original-security-domain.patch b/SOURCES/rubygems-2.2.4-Limit-API-endpoint-to-original-security-domain.patch
new file mode 100644
index 0000000..228fa52
--- /dev/null
+++ b/SOURCES/rubygems-2.2.4-Limit-API-endpoint-to-original-security-domain.patch
@@ -0,0 +1,70 @@
+From 6bbee35fd6daed045103f3122490a588d97c066a Mon Sep 17 00:00:00 2001
+From: Evan Phoenix
+Date: Thu, 14 May 2015 14:53:35 -0700
+Subject: [PATCH] Limit API endpoint to original security domain
+
+Conflicts:
+ lib/rubygems/remote_fetcher.rb
+
+Conflicts:
+ test/rubygems/test_gem_remote_fetcher.rb
+---
+ lib/rubygems/remote_fetcher.rb | 8 +++++++-
+ test/rubygems/test_gem_remote_fetcher.rb | 18 ++++++++++++++++--
+ 2 files changed, 23 insertions(+), 3 deletions(-)
+
+diff --git a/lib/rubygems/remote_fetcher.rb b/lib/rubygems/remote_fetcher.rb
+index da1febb..ec78e5f 100644
+--- a/lib/rubygems/remote_fetcher.rb
++++ b/lib/rubygems/remote_fetcher.rb
+@@ -94,7 +94,13 @@ def api_endpoint(uri)
+ rescue Resolv::ResolvError
+ uri
+ else
+- URI.parse "#{uri.scheme}://#{res.target}#{uri.path}"
++ target = res.target.to_s.strip
++
++ if /#{host}\z/ =~ target
++ return URI.parse "#{uri.scheme}://#{target}#{uri.path}"
++ end
++
++ uri
+ end
+ end
+
+diff --git a/test/rubygems/test_gem_remote_fetcher.rb b/test/rubygems/test_gem_remote_fetcher.rb
+index 883e1bd..a590dca 100644
+--- a/test/rubygems/test_gem_remote_fetcher.rb
++++ b/test/rubygems/test_gem_remote_fetcher.rb
+@@ -167,6 +167,21 @@ def test_no_proxy
+ end
+
+ def test_api_endpoint
++ uri = URI.parse "http://example.com/foo"
++ target = MiniTest::Mock.new
++ target.expect :target, "gems.example.com"
++
++ dns = MiniTest::Mock.new
++ dns.expect :getresource, target, [String, Object]
++
++ fetch = Gem::RemoteFetcher.new nil, dns
++ assert_equal URI.parse("http://gems.example.com/foo"), fetch.api_endpoint(uri)
++
++ target.verify
++ dns.verify
++ end
++
++ def test_api_endpoint_ignores_trans_domain_values
+ uri = URI.parse "http://gems.example.com/foo"
+ target = MiniTest::Mock.new
+ target.expect :target, "blah.com"
+@@ -175,8 +190,7 @@ def test_api_endpoint
+ dns.expect :getresource, target, [String, Object]
+
+ fetch = Gem::RemoteFetcher.new nil, dns
+- @fetcher = fetcher
+- assert_equal URI.parse("http://blah.com/foo"), fetch.api_endpoint(uri)
++ assert_equal URI.parse("http://gems.example.com/foo"), fetch.api_endpoint(uri)
+
+ target.verify
+ dns.verify
diff --git a/SOURCES/rubygems-2.2.5-Fix-API-endpoint-domain-clamping.patch b/SOURCES/rubygems-2.2.5-Fix-API-endpoint-domain-clamping.patch
new file mode 100644
index 0000000..c025015
--- /dev/null
+++ b/SOURCES/rubygems-2.2.5-Fix-API-endpoint-domain-clamping.patch
@@ -0,0 +1,64 @@
+From 5c7bfb5c05202b4db971dd672d88a42298a0d84e Mon Sep 17 00:00:00 2001
+From: Evan Phoenix
+Date: Mon, 18 May 2015 13:42:34 -0700
+Subject: [PATCH] Fix API endpoint domain clamping
+
+---
+ lib/rubygems/remote_fetcher.rb | 2 +-
+ test/rubygems/test_gem_remote_fetcher.rb | 30 ++++++++++++++++++++++++++++++
+ 2 files changed, 31 insertions(+), 1 deletion(-)
+
+diff --git a/lib/rubygems/remote_fetcher.rb b/lib/rubygems/remote_fetcher.rb
+index ec78e5f..3f107a3 100644
+--- a/lib/rubygems/remote_fetcher.rb
++++ b/lib/rubygems/remote_fetcher.rb
+@@ -96,7 +96,7 @@ def api_endpoint(uri)
+ else
+ target = res.target.to_s.strip
+
+- if /#{host}\z/ =~ target
++ if /\.#{Regexp.quote(host)}\z/ =~ target
+ return URI.parse "#{uri.scheme}://#{target}#{uri.path}"
+ end
+
+diff --git a/test/rubygems/test_gem_remote_fetcher.rb b/test/rubygems/test_gem_remote_fetcher.rb
+index a590dca..6b29e18 100644
+--- a/test/rubygems/test_gem_remote_fetcher.rb
++++ b/test/rubygems/test_gem_remote_fetcher.rb
+@@ -196,6 +196,36 @@ def test_api_endpoint_ignores_trans_domain_values
+ dns.verify
+ end
+
++ def test_api_endpoint_ignores_trans_domain_values_that_starts_with_original
++ uri = URI.parse "http://example.com/foo"
++ target = MiniTest::Mock.new
++ target.expect :target, "example.combadguy.com"
++
++ dns = MiniTest::Mock.new
++ dns.expect :getresource, target, [String, Object]
++
++ fetch = Gem::RemoteFetcher.new nil, dns
++ assert_equal URI.parse("http://example.com/foo"), fetch.api_endpoint(uri)
++
++ target.verify
++ dns.verify
++ end
++
++ def test_api_endpoint_ignores_trans_domain_values_that_end_with_original
++ uri = URI.parse "http://example.com/foo"
++ target = MiniTest::Mock.new
++ target.expect :target, "badexample.com"
++
++ dns = MiniTest::Mock.new
++ dns.expect :getresource, target, [String, Object]
++
++ fetch = Gem::RemoteFetcher.new nil, dns
++ assert_equal URI.parse("http://example.com/foo"), fetch.api_endpoint(uri)
++
++ target.verify
++ dns.verify
++ end
++
+ def test_cache_update_path
+ uri = URI 'http://example/file'
+ path = File.join @tempdir, 'file'
diff --git a/SPECS/ruby.spec b/SPECS/ruby.spec
index bf81f51..377a696 100644
--- a/SPECS/ruby.spec
+++ b/SPECS/ruby.spec
@@ -24,7 +24,7 @@
 %endif
-%global release 11
+%global release 12
 %{!?release_string:%global release_string %{?development_release:0.}%{release}%{?development_release:.%{development_release}}%{?dist}}
 %global rubygems_version 2.4.5
@@ -115,6 +115,13 @@ Patch5: ruby-1.9.3-mkmf-verbose.patch
 # http://bugs.ruby-lang.org/issues/8566
 Patch6: ruby-2.1.0-Allow-to-specify-additional-preludes-by-configuratio.patch
+# Fix DNS hijacking vulnerability in api_endpoint() (CVE-2015-3900).
+# https://github.com/rubygems/rubygems/commit/6bbee35
+Patch7: rubygems-2.2.4-Limit-API-endpoint-to-original-security-domain.patch
+# Incomplete fix for CVE-2015-3900 (CVE-2015-4020).
+# https://github.com/rubygems/rubygems/commit/5c7bfb5
+Patch8: rubygems-2.2.5-Fix-API-endpoint-domain-clamping.patch
+
 Requires: %{?scl_prefix}%{pkg_name}-libs%{?_isa} = %{version}-%{release}
 Requires: %{?scl_prefix}ruby(rubygems) >= %{rubygems_version}
 # Make the bigdecimal gem a runtime dependency of Ruby to avoid problems
@@ -418,6 +425,8 @@ rm -rf ext/fiddle/libffi*
 %patch4 -p1
 %patch5 -p1
 %patch6 -p1
+%patch7 -p1
+%patch8 -p1
 # Allow to use autoconf 2.63.
 sed -i '/AC_PREREQ/ s/(.*)/(2.62)/' configure.in
@@ -915,6 +924,11 @@ make check TESTS="-v $DISABLE_TESTS"
 %{ruby_libdir}/tkextlib
 %changelog
+* Mon Aug 10 2015 Vít Ondruch - 2.2.2-12
+- Fix DNS hijacking vulnerability in api_endpoint() (CVE-2015-3900,
+ CVE-2015-4020).
+ Resolves: rhbz#1251465
+
 * Tue Apr 28 2015 Josef Stribny - 2.2.2-11
 - Update to Ruby 2.2.2
 - Resolves: rhbz#1215958
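Review bot: The suffix check `if /\.#{Regexp.quote(host)}\z/ =~ target` in the remote_fetcher.rb hunk of this patch is case-sensitive, while DNS names are not; if the resolver returns the SRV target with different casing than the original host (say `gems.Example.com` for a host of `example.com`), the match fails and the method silently falls back to `uri`. That fails closed, so it is not a security regression, but it quietly discards a legitimate endpoint; adding the flag, `if /\.#{Regexp.quote(host)}\z/i =~ target`, keeps the domain clamp while matching DNS semantics, and a test with a mixed-case target would pin it. The rebuilt URI on the following line, `"#{uri.scheme}://#{target}#{uri.path}"`, keeps only scheme, target and path, so any non-default port or query on `uri` is dropped — presumably intended for the SRV redirect, but worth a one-line comment saying so. `api_endpoint` starts before this hunk and `host` is assigned outside it (presumably from `uri.host`); the two tests added in the second hunk cover only the prefix and suffix spoof cases.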
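Review bot: The comment above `Patch8` in the `@@ -115,6 +115,13 @@` hunk, `# Incomplete fix for CVE-2015-3900 (CVE-2015-4020).`, reads as if Patch8 were itself the incomplete fix, whereas the changelog entry in the last hunk states that this release resolves both CVEs and the second identifier, by the page's own wording, names the incompleteness of the first patch that Patch8 closes. Reword it so the intent is unambiguous, e.g. `# Complete the fix for CVE-2015-3900; the first patch was bypassable (CVE-2015-4020).`. The `Patch7`/`Patch8` declarations and the `%patch7 -p1`/`%patch8 -p1` lines in the `@@ -418,6 +425,8 @@` hunk are otherwise consistent with each other.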