diff --git a/SOURCES/xerces-c-3.0.1-CVE-2018-1311.patch b/SOURCES/xerces-c-3.0.1-CVE-2018-1311.patch
new file mode 100644
index 0000000..f77019d
--- /dev/null
+++ b/SOURCES/xerces-c-3.0.1-CVE-2018-1311.patch
@@ -0,0 +1,21 @@
+
+https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1311
+
+--- xerces-c-3.0.1/src/xercesc/internal/IGXMLScanner.cpp.cve1311
++++ xerces-c-3.0.1/src/xercesc/internal/IGXMLScanner.cpp
+@@ -1533,7 +1533,6 @@
+ DTDEntityDecl* declDTD = new (fMemoryManager) DTDEntityDecl(gDTDStr, false, fMemoryManager);
+ declDTD->setSystemId(sysId);
+ declDTD->setIsExternal(true);
+- Janitor janDecl(declDTD);
+
+ // Mark this one as a throw at end
+ reader->setThrowAtEnd(true);
+@@ -3154,7 +3153,6 @@
+ DTDEntityDecl* declDTD = new (fMemoryManager) DTDEntityDecl(gDTDStr, false, fMemoryManager);
+ declDTD->setSystemId(src.getSystemId());
+ declDTD->setIsExternal(true);
+- Janitor janDecl(declDTD);
+
+ // Mark this one as a throw at end
+ newReader->setThrowAtEnd(true);
diff --git a/SPECS/xerces-c.spec b/SPECS/xerces-c.spec
index aea7057..e6a63d0 100644
--- a/SPECS/xerces-c.spec
+++ b/SPECS/xerces-c.spec
@@ -1,7 +1,7 @@
 Summary: Validating XML Parser
 Name: xerces-c
 Version: 3.1.1
-Release: 9%{?dist}
+Release: 10%{?dist}
 License: ASL 2.0
 Group: System Environment/Libraries
 URL: http://xml.apache.org/xerces-c/
@@ -10,6 +10,7 @@ BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 Patch1: XMLReader.cpp.patch
 Patch2: xerces-c-CVE-2016-0729.patch
 Patch3: xerces-c-CVE-2016-4463.patch
+Patch4: xerces-c-3.0.1-CVE-2018-1311.patch
 
 BuildRequires: dos2unix
 
@@ -53,6 +54,8 @@ manipulating, and validating XML documents.
 %patch1 -p1
 %patch2 -p1
 %patch3 -p1
+%patch4 -p1 -b .cve1311
+
 # Copy samples before build to avoid including built binaries in -doc package
 mkdir -p _docs
 cp -a samples/ _docs/
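Review bot: In SOURCES/xerces-c-3.0.1-CVE-2018-1311.patch, both IGXMLScanner.cpp hunks (around lines 1533 and 3154) drop the `Janitor` guard on `declDTD`, and nothing in the visible context takes over ownership of it. The `DTDEntityDecl` allocated with `new (fMemoryManager)` therefore appears to be leaked on every external-DTD scan. If so, the fix trades the use-after-free for a memory leak, and a long-running service that parses many documents referencing external DTDs would grow steadily. The enclosing functions continue outside the hunks, so please confirm whether the reader or another owner releases the object later. Either way the patch header carries only a Bugzilla URL; I would add a line such as `Stop deleting the external DTD entity decl at scope exit to avoid a use-after-free; the decl is intentionally leaked.` so the trade-off is visible to whoever rebases this onto a newer upstream release.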
@@ -102,6 +105,9 @@ rm -rf $RPM_BUILD_ROOT
 %doc README LICENSE NOTICE CREDITS doc _docs/*
 
 %changelog
+* Thu Feb 27 2020 Joe Orton - 3.1.1-10
+- add security fix for CVE-2018-1311
+
 * Wed Sep 05 2018 Robbie Harwood - 3.1.1-9
 - Fix CVE-2016-4463
 - Resolves: #1534481