diff --git a/SOURCES/wget-1.14-CVE-2014-4877.patch b/SOURCES/wget-1.14-CVE-2014-4877.patch
new file mode 100644
index 0000000..5bca5e9
--- /dev/null
+++ b/SOURCES/wget-1.14-CVE-2014-4877.patch
@@ -0,0 +1,151 @@
+From 043366ac3248a58662a6fbf47a1dd688a75d0e78 Mon Sep 17 00:00:00 2001
+From: Darshit Shah <darnir@gmail.com>
+Date: Mon, 8 Sep 2014 00:41:17 +0530
+Subject: [PATCH 1/2] Fix R7-2014-15: Arbitrary Symlink Access
+
+Wget was susceptible to a symlink attack which could create arbitrary
+files, directories or symbolic links and set their permissions when
+retrieving a directory recursively through FTP. This commit changes the
+default settings in Wget such that Wget no longer creates local symbolic
+links, but rather traverses them and retrieves the pointed-to file in
+such a retrieval.
+
+The old behaviour can be attained by passing the --retr-symlinks=no
+option to the Wget invokation command.
+---
+ doc/wget.texi | 23 ++++++++++++-----------
+ src/init.c    | 16 ++++++++++++++++
+ 2 files changed, 28 insertions(+), 11 deletions(-)
+
+diff --git a/doc/wget.texi b/doc/wget.texi
+index a31eb5e..f54e98d 100644
+--- a/doc/wget.texi
++++ b/doc/wget.texi
+@@ -1883,17 +1883,18 @@ Preserve remote file permissions instead of permissions set by umask.
+ 
+ @cindex symbolic links, retrieving
+ @item --retr-symlinks
+-Usually, when retrieving @sc{ftp} directories recursively and a symbolic
+-link is encountered, the linked-to file is not downloaded.  Instead, a
+-matching symbolic link is created on the local filesystem.  The
+-pointed-to file will not be downloaded unless this recursive retrieval
+-would have encountered it separately and downloaded it anyway.
+-
+-When @samp{--retr-symlinks} is specified, however, symbolic links are
+-traversed and the pointed-to files are retrieved.  At this time, this
+-option does not cause Wget to traverse symlinks to directories and
+-recurse through them, but in the future it should be enhanced to do
+-this.
++By default, when retrieving @sc{ftp} directories recursively and a symbolic link
++is encountered, the symbolic link is traversed and the pointed-to files are
++retrieved.  Currently, Wget does not traverse symbolic links to directories to
++download them recursively, though this feature may be added in the future.
++
++When @samp{--retr-symlinks=no} is specified, the linked-to file is not
++downloaded.  Instead, a matching symbolic link is created on the local
++filesystem.  The pointed-to file will not be retrieved unless this recursive
++retrieval would have encountered it separately and downloaded it anyway.  This
++option poses a security risk where a malicious FTP Server may cause Wget to
++write to files outside of the intended directories through a specially crafted
++@sc{.listing} file.
+ 
+ Note that when retrieving a file (not a directory) because it was
+ specified on the command-line, rather than because it was recursed to,
+diff --git a/src/init.c b/src/init.c
+index 93e95f8..94b6f8b 100644
+--- a/src/init.c
++++ b/src/init.c
+@@ -366,6 +366,22 @@ defaults (void)
+ 
+   opt.dns_cache = true;
+   opt.ftp_pasv = true;
++  /* 2014-09-07  Darshit Shah  <darnir@gmail.com>
++   * opt.retr_symlinks is set to true by default. Creating symbolic links on the
++   * local filesystem pose a security threat by malicious FTP Servers that
++   * server a specially crafted .listing file akin to this:
++   *
++   * lrwxrwxrwx   1 root     root           33 Dec 25  2012 JoCxl6d8rFU -> /
++   * drwxrwxr-x  15 1024     106          4096 Aug 28 02:02 JoCxl6d8rFU
++   *
++   * A .listing file in this fashion makes Wget susceptiple to a symlink attack
++   * wherein the attacker is able to create arbitrary files, directories and
++   * symbolic links on the target system and even set permissions.
++   *
++   * Hence, by default Wget attempts to retrieve the pointed-to files and does
++   * not create the symbolic links locally.
++   */
++  opt.retr_symlinks = true;
+ 
+ #ifdef HAVE_SSL
+   opt.check_cert = true;
+-- 
+2.1.0
+
+From bfa8c9cc9937f686a4de110e49710061267f8d9e Mon Sep 17 00:00:00 2001
+From: Darshit Shah <darnir@gmail.com>
+Date: Mon, 8 Sep 2014 15:07:45 +0530
+Subject: [PATCH 2/2] Add checks for valid listing file in FTP
+
+When Wget retrieves a file through FTP, it first downloads a .listing
+file and parses it for information about the files and other metadata.
+Some servers may serve invalid .listing files. This patch checks for one
+such known inconsistency wherein multiple lines in a listing file have
+the same name. Such a filesystem is clearly not possible and hence we
+eliminate duplicate entries here.
+
+Signed-off-by: Darshit Shah <darnir@gmail.com>
+---
+ src/ftp.c     | 27 +++++++++++++++++++++++++--
+ 1 file changed, 25 insertions(+), 2 deletions(-)
+
+diff --git a/src/ftp.c b/src/ftp.c
+index 2d54333..054cb61 100644
+--- a/src/ftp.c
++++ b/src/ftp.c
+@@ -2211,6 +2211,29 @@ has_insecure_name_p (const char *s)
+   return false;
+ }
+ 
++/* Test if the file node is invalid. This can occur due to malformed or
++ * maliciously crafted listing files being returned by the server.
++ *
++ * Currently, this function only tests if there are multiple entries in the
++ * listing file by the same name. However this function can be expanded as more
++ * such illegal listing formats are discovered. */
++static bool
++is_invalid_entry (struct fileinfo *f)
++{
++  struct fileinfo *cur;
++  cur = f;
++  char *f_name = f->name;
++  /* If the node we're currently checking has a duplicate later, we eliminate
++   * the current node and leave the next one intact. */
++  while (cur->next)
++    {
++      cur = cur->next;
++      if (strcmp(f_name, cur->name) == 0)
++          return true;
++    }
++  return false;
++}
++
+ /* A near-top-level function to retrieve the files in a directory.
+    The function calls ftp_get_listing, to get a linked list of files.
+    Then it weeds out the file names that do not match the pattern.
+@@ -2248,11 +2271,11 @@ ftp_retrieve_glob (struct url *u, ccon *con, int action)
+             f = f->next;
+         }
+     }
+-  /* Remove all files with possible harmful names */
++  /* Remove all files with possible harmful names or invalid entries. */
+   f = start;
+   while (f)
+     {
+-      if (has_insecure_name_p (f->name))
++      if (has_insecure_name_p (f->name) || is_invalid_entry (f))
+         {
+           logprintf (LOG_VERBOSE, _("Rejecting %s.\n"),
+                      quote (f->name));
+-- 
+2.1.0
+
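Review bot: `is_invalid_entry` in the src/ftp.c section compares names with a byte-exact `strcmp`, so two listing entries that differ only in letter case are not treated as duplicates. On a local filesystem that folds case they would presumably still map to the same path, which is the collision this check is meant to stop when `--retr-symlinks=no` is in use. I would at least document the limit above the loop, e.g. `/* Names are compared byte-for-byte; entries differing only in case are not detected. */`, and consider a case-insensitive comparison where the local filesystem warrants it. Separately, the caller in `ftp_retrieve_glob` logs the same `Rejecting %s.` message for an insecure name and for a duplicate entry, so a log reader cannot tell that the server sent an inconsistent listing; a distinct message for the duplicate case would make that visible. The scan also runs once per node and is therefore quadratic in listing length, and `ftp_retrieve_glob`'s body continues outside the hunk.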
diff --git a/SPECS/wget.spec b/SPECS/wget.spec
index e95d288..cc94424 100644
--- a/SPECS/wget.spec
+++ b/SPECS/wget.spec
@@ -1,7 +1,7 @@
 Summary: A utility for retrieving files using the HTTP or FTP protocols
 Name: wget
 Version: 1.14
-Release: 10%{?dist}
+Release: 10%{?dist}.1
 License: GPLv3+
 Group: Applications/Internet
 Url: http://www.gnu.org/software/wget/
@@ -19,6 +19,7 @@ Patch9: wget-1.14-doc-missing-opts-and-fix-preserve-permissions.patch
 Patch10: wget-1.14-set_sock_to_-1_if_no_persistent_conn.patch
 Patch11: wget-1.14-document-backups.patch
 Patch12: wget-1.14-fix-backups-to-work-as-documented.patch
+Patch13: wget-1.14-CVE-2014-4877.patch
 
 Provides: webclient
 Provides: bundled(gnulib) 
@@ -50,6 +51,7 @@ support for Proxy servers, and configurability.
 %patch10 -p1
 %patch11 -p1
 %patch12 -p1
+%patch13 -p1
 
 %build
 if pkg-config openssl ; then
@@ -86,6 +88,9 @@ rm -rf $RPM_BUILD_ROOT
 %{_infodir}/*
 
 %changelog
+* Fri Oct 24 2014 Tomas Hozza <thozza@redhat.com> - 1.14-10.1
+- Fix CVE-2014-4877 wget: FTP symlink arbitrary filesystem access (#1156135)
+
 * Fri Jan 24 2014 Daniel Mach <dmach@redhat.com> - 1.14-10
 - Mass rebuild 2014-01-24