diff --git a/.gitignore b/.gitignore
index 407492b..e80589f 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,2 +1,2 @@
-SOURCES/spice-0.14.2.tar.bz2
+SOURCES/spice-0.14.3.tar.bz2
 SOURCES/victortoso-E37A484F.keyring
diff --git a/.spice.metadata b/.spice.metadata
index f6aea0d..b86a940 100644
--- a/.spice.metadata
+++ b/.spice.metadata
@@ -1,2 +1,2 @@
-83a93e47546d496cf2dcc3f4641db3a285044b9e SOURCES/spice-0.14.2.tar.bz2
+f5968dd5df5f64805d093b4c85b4165959e6c65b SOURCES/spice-0.14.3.tar.bz2
 da7a529db1ea28a1540c5892ea9836abeb378c3e SOURCES/victortoso-E37A484F.keyring
diff --git a/SOURCES/0005-websocket-Fix-possible-integer-overflow.patch b/SOURCES/0005-websocket-Fix-possible-integer-overflow.patch
new file mode 100644
index 0000000..cbb2b1c
--- /dev/null
+++ b/SOURCES/0005-websocket-Fix-possible-integer-overflow.patch
@@ -0,0 +1,32 @@
+From b8f4d7d2c7a3d08a82f4bc7588cdff15cee54292 Mon Sep 17 00:00:00 2001
+From: Frediano Ziglio
+Date: Tue, 16 Jun 2020 11:49:19 +0100
+Subject: [PATCH] websocket: Fix possible integer overflow
+
+The shift of a uint_8 number by a number > 32 causes an overflow.
+
+Signed-off-by: Frediano Ziglio
+Acked-by: Uri Lublin
+---
+ server/websocket.c | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/server/websocket.c b/server/websocket.c
+index f5df63f8..82b20b49 100644
+--- a/server/websocket.c
++++ b/server/websocket.c
+@@ -165,8 +165,9 @@ static uint64_t extract_length(const uint8_t *buf, int *used)
+ case LENGTH_64BIT:
+ *used += 8;
+ outlen = 0;
+- for (i = 56; i >= 0; i -= 8) {
+- outlen |= (*buf++) << i;
++ for (i = 0; i < 8; ++i) {
++ outlen <<= 8;
++ outlen |= *buf++;
+ }
+ break;
+
+--
+2.26.2
+
diff --git a/SOURCES/0006-test-websocket-check-setsockopt-return-value.patch b/SOURCES/0006-test-websocket-check-setsockopt-return-value.patch
new file mode 100644
index 0000000..7095610
--- /dev/null
+++ b/SOURCES/0006-test-websocket-check-setsockopt-return-value.patch
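Review bot: The value built in the `LENGTH_64BIT` case of `extract_length` (server/websocket.c, patch 0005) comes straight from the peer's frame header, and nothing in this hunk rejects or caps it now that all 64 bits decode correctly. RFC 6455 requires the most significant bit of a 64-bit payload length to be 0, so a frame with that bit set is malformed; whether callers bound the result before using it as a size is not visible here, because the function body and its callers lie outside the hunk. I would add a comment at the loop such as `/* peer-controlled 64-bit length; callers must range-check it before using it as a size */` and confirm that `outlen` is declared `uint64_t`, which the fix relies on. A regression test that feeds a length of 2^32 or more would pin the corrected decoding.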
@@ -0,0 +1,41 @@
+From 954eabaeb76a0f93a32210b6bf63157ad2c0fb22 Mon Sep 17 00:00:00 2001
+From: Uri Lublin
+Date: Wed, 17 Jun 2020 11:52:05 +0300
+Subject: [PATCH] test-websocket: check setsockopt return value
+
+Acked-by: Frediano Ziglio
+---
+ server/tests/test-websocket.c | 10 ++++++++--
+ 1 file changed, 8 insertions(+), 2 deletions(-)
+
+diff --git a/server/tests/test-websocket.c b/server/tests/test-websocket.c
+index 2115411e..701f5408 100644
+--- a/server/tests/test-websocket.c
++++ b/server/tests/test-websocket.c
+@@ -146,7 +146,10 @@ main(int argc, char **argv)
+ }
+
+ int enable = 1;
+- setsockopt(sock, SOL_SOCKET, SO_REUSEADDR, &enable, sizeof(enable));
++ if (setsockopt(sock, SOL_SOCKET, SO_REUSEADDR,
++ (const void *) &enable, sizeof(enable)) < 0) {
++ err(1, "setsockopt reuseaddr");
++ }
+
+ if (non_blocking) {
+ red_socket_set_non_blocking(sock, true);
+@@ -200,7 +203,10 @@ handle_client(int new_sock)
+ }
+
+ int enable = 1;
+- setsockopt(new_sock, SOL_TCP, TCP_NODELAY, (const void *) &enable, sizeof(enable));
++ if (setsockopt(new_sock, SOL_TCP, TCP_NODELAY,
++ (const void *) &enable, sizeof(enable)) < 0) {
++ err(1, "setsockopt nodelay");
++ }
+
+ // wait header
+ wait_for(new_sock, POLLIN);
+--
+2.26.2
+
diff --git a/SOURCES/spice-0.14.2.tar.bz2.sig b/SOURCES/spice-0.14.2.tar.bz2.sig
deleted file mode 100644
index d145839..0000000
Binary files a/SOURCES/spice-0.14.2.tar.bz2.sig and /dev/null differ
diff --git a/SOURCES/spice-0.14.3.tar.bz2.sig b/SOURCES/spice-0.14.3.tar.bz2.sig
new file mode 100644
index 0000000..2b406f7
Binary files /dev/null and b/SOURCES/spice-0.14.3.tar.bz2.sig differ
diff --git a/SPECS/spice.spec b/SPECS/spice.spec
index 17c891d..3556483 100644
--- a/SPECS/spice.spec
+++ b/SPECS/spice.spec
@@ -1,6 +1,6 @@
 Name: spice
-Version: 0.14.2
-Release: 1%{?dist}.1
+Version: 0.14.3
+Release: 3%{?dist}
 Summary: Implements the SPICE protocol
 Group: User Interface/Desktops
 License: LGPLv2+
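Review bot: The `(const void *)` cast on both new `setsockopt` calls in server/tests/test-websocket.c (patch 0006) is redundant under the POSIX prototype, which already takes `const void *`, so a reader cannot tell why it is there. If it exists for a platform whose `setsockopt` declares the option value as `const char *`, a one-line comment such as `/* cast: some platforms declare optval as const char * */` above the first call would say so. The `err(1, ...)` on a failed `TCP_NODELAY` in `handle_client` also turns a latency hint into a fatal error, which is reasonable for a test but worth stating in the same comment. Both functions start and end outside the hunks.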
@@ -13,6 +13,9 @@ Patch2: 0002-quic-Check-image-size-in-quic_decode_begin.patch Patch3: 0003-quic-Check-RLE-lengths.patch Patch4: 0004-quic-Avoid-possible-buffer-overflow-in-find_bucket.patch +Patch5: 0005-websocket-Fix-possible-integer-overflow.patch +Patch6: 0006-test-websocket-check-setsockopt-return-value.patch + # https://bugzilla.redhat.com/show_bug.cgi?id=613529 %if 0%{?rhel} && 0%{?rhel} <= 7 ExclusiveArch: x86_64 @@ -46,7 +49,6 @@ variety of machine architectures. %package server Summary: Implements the server side of the SPICE protocol Group: System Environment/Libraries -Obsoletes: spice-client < %{version}-%{release} %description server The Simple Protocol for Independent Computing Environments (SPICE) is @@ -100,7 +102,7 @@ mkdir -p %{buildroot}%{_libexecdir} %files server %{!?_licensedir:%global license %%doc} %license COPYING -%doc README NEWS +%doc README CHANGELOG.md %{_libdir}/libspice-server.so.1* %files server-devel @@ -110,9 +112,18 @@ mkdir -p %{buildroot}%{_libexecdir} %changelog -* Wed Sep 2 2020 Frediano Ziglio - 0.14.2-1.1 +* Wed Jun 17 2020 Uri Lublin - 0.14.3-3 +- Fix some static analyzer issues +- Removed Obsoletes line for spice-client + Related: rhbz#1840240 + +* Mon Jun 1 2020 Frediano Ziglio - 0.14.3-2 - Fix multiple buffer overflows in QUIC decoding code - Resolves: CVE-2020-14355 + Resolves: rhbz#1829946 + +* Thu May 28 2020 Frediano Ziglio - 0.14.3-1 +- Update to 0.14.3 + Revolves: rhbz#1840240 * Fri May 17 2019 Victor Toso - 0.14.2-1 - Update to 0.14.2