diff --git a/.gitignore b/.gitignore
index dc6af45..32283ba 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1 @@
-SOURCES/runc-d736ef1.tar.gz
+SOURCES/runc-dc9208a.tar.gz
diff --git a/.runc.metadata b/.runc.metadata
index 6c81a25..39b6b73 100644
--- a/.runc.metadata
+++ b/.runc.metadata
@@ -1 +1 @@
-812dbd873389db38f03438166784aee998146d30 SOURCES/runc-d736ef1.tar.gz
+32859590dea35b77eed012c388d97fc12fdfdb93 SOURCES/runc-dc9208a.tar.gz
diff --git a/SPECS/runc.spec b/SPECS/runc.spec
index d08a700..9f46992 100644
--- a/SPECS/runc.spec
+++ b/SPECS/runc.spec
@@ -21,12 +21,12 @@ go build -buildmode pie -compiler gc -tags="rpm_crashtraceback no_openssl ${BUIL
 # https://github.com/opencontainers/runc
 %global import_path %{provider}.%{provider_tld}/%{project}/%{repo}
 %global git0 https://%{import_path}
-%global commit0 d736ef14f0288d6993a1845745d6756cfc9ddd5a
+%global commit0 dc9208a3303feef5b3839f4323d9beb36df0a9dd
 %global shortcommit0 %(c=%{commit0}; echo ${c:0:7})
 
 Name: %{repo}
 Version: 1.0.0
-Release: 64.rc9%{?dist}
+Release: 65.rc10%{?dist}
 Summary: CLI for running Open Containers
 ExcludeArch: %{ix86}
 License: ASL 2.0
@@ -89,22 +89,27 @@ install -p -m 0644 contrib/completions/bash/%{name} %{buildroot}%{_datadir}/bash
 %{_datadir}/bash-completion/completions/%{name}
 
 %changelog
+* Wed Feb 12 2020 Jindrich Novy <jnovy@redhat.com> - 1.0.0-65.rc10
+- address CVE-2019-19921 by updating to rc10
+- Resolves: #1801887
+
 * Wed Dec 11 2019 Jindrich Novy <jnovy@redhat.com> - 1.0.0-64.rc9
 - use no_openssl in BUILDTAGS (no vendored crypto in runc)
-- Related: RHELPLAN-25138
+- Related: RHELPLAN-25139
 
 * Mon Dec 09 2019 Jindrich Novy <jnovy@redhat.com> - 1.0.0-63.rc9
 - be sure to use golang >= 1.12.12-4
-- Related: RHELPLAN-25138
+- Related: RHELPLAN-25139
 
 * Thu Nov 28 2019 Jindrich Novy <jnovy@redhat.com> - 1.0.0-62.rc9
 - rebuild because of CVE-2019-9512 and CVE-2019-9514
-- Related: RHELPLAN-25138
+- Resolves: #1766331, #1766303
 
 * Thu Nov 21 2019 Jindrich Novy <jnovy@redhat.com> - 1.0.0-61.rc9
 - update to runc 1.0.0-rc9 release
 - amend golang deps
 - fixes CVE-2019-16884
+- Resolves: #1759651
 
 * Mon Jun 17 2019 Lokesh Mandvekar <lsm5@redhat.com> - 1.0.0-60.rc8
 - Resolves: #1721247 - enable fips mode