diff --git a/SOURCES/subversion-1.10.2-CVE-2020-17525.patch b/SOURCES/subversion-1.10.2-CVE-2020-17525.patch
new file mode 100644
index 0000000..82784bf
--- /dev/null
+++ b/SOURCES/subversion-1.10.2-CVE-2020-17525.patch
@@ -0,0 +1,17 @@
+
+https://bugzilla.redhat.com/show_bug.cgi?id=1922303
+https://github.com/apache/subversion/commit/c83d9e5db564bdbbd91a7eb1c9399f66f481361c
+
+--- a/subversion/libsvn_repos/config_file.c
++++ b/subversion/libsvn_repos/config_file.c
+@@ -237,6 +237,10 @@ get_repos_config(svn_stream_t **stream,
+     {
+       /* Search for a repository in the full path. */
+       repos_root_dirent = svn_repos_find_root_path(dirent, scratch_pool);
++      if (repos_root_dirent == NULL)
++        return svn_error_trace(handle_missing_file(stream, checksum, access,
++                                                   url, must_exist,
++                                                   svn_node_none));
+ 
+       /* Attempt to open a repository at repos_root_dirent. */
+       SVN_ERR(svn_repos_open3(&access->repos, repos_root_dirent, NULL,
diff --git a/SPECS/subversion.spec b/SPECS/subversion.spec
index 1c2e656..564f8fb 100644
--- a/SPECS/subversion.spec
+++ b/SPECS/subversion.spec
@@ -37,7 +37,7 @@
 Summary: A Modern Concurrent Version Control System
 Name: subversion
 Version: 1.10.2
-Release: 3%{?dist}
+Release: 4%{?dist}
 License: ASL 2.0
 Group: Development/Tools
 URL: https://subversion.apache.org/
@@ -56,6 +56,7 @@ Patch4: subversion-1.8.0-rubybind.patch
 Patch5: subversion-1.8.5-swigplWall.patch
 Patch6: subversion-1.10.2-CVE-2019-0203.patch
 Patch7: subversion-1.10.2-CVE-2018-11782.patch
+Patch8: subversion-1.10.2-CVE-2020-17525.patch
 BuildRequires: autoconf, libtool, texinfo, which
 BuildRequires: swig >= 1.3.24, gettext
 %if %{with bdb}
@@ -224,6 +225,7 @@ This package includes supplementary tools for use with Subversion.
 %patch5 -p1 -b .swigplWall
 %patch6 -p1 -b .cve0203
 %patch7 -p1 -b .cve11782
+%patch8 -p1 -b .cve17525
 
 %build
 # Regenerate the buildsystem, so that:
@@ -546,6 +548,9 @@ make check-javahl
 %endif
 
 %changelog
+* Wed Feb 10 2021 Joe Orton <jorton@redhat.com> - 1.10.2-4
+- add security fix for CVE-2020-17525
+
 * Mon May 18 2020 Joe Orton <jorton@redhat.com> - 1.10.2-3
 - add security fix for CVE-2018-11782