diff --git a/cyrus-sasl.spec b/cyrus-sasl.spec
index 5ff49d7..1b16166 100644
--- a/cyrus-sasl.spec
+++ b/cyrus-sasl.spec
@@ -11,7 +11,7 @@
 Summary: The Cyrus SASL library.
 Name: cyrus-sasl
 Version: 2.1.19
-Release: 1
+Release: 2
 License: Freely Distributable
 Group: System Environment/Libraries
 Source0: ftp://ftp.andrew.cmu.edu/pub/cyrus-mail/cyrus-sasl-%{version}.tar.gz
@@ -40,6 +40,8 @@ Patch7: cyrus-sasl-2.1.17-gssapi-dynamic.patch
 Patch9: cyrus-sasl-2.1.17-saslauthd1.patch
 Patch10: cyrus-sasl-2.1.18-db_bundle.patch
 Patch11: cyrus-sasl-2.1.18-no_rpath.patch
+Patch12: cyrus-sasl-1.5.28-env.patch
+Patch13: cyrus-sasl-2.1.19-env.patch
 Buildroot: %{_tmppath}/%{name}-root
 %if %{includev1}
 BuildPrereq: gdbm-devel
@@ -123,6 +125,7 @@ pushd cyrus-sasl-%{cs1_version}
 %patch2 -p1 -b .automake17
 %patch3 -p1 -b .automake18
 %patch4 -p1 -b .saslauthd2
+%patch12 -p1 -b .env
 rm config/ltconfig
 libtoolize -f -c
 aclocal -I config -I cmulocal
@@ -143,6 +146,7 @@ done
 #%patch9 -p1 -b .saslauthd1
 %patch10 -p1 -b .db_bundle
 %patch11 -p1 -b .no_rpath
+%patch13 -p1 -b .env
 # FIXME - this is just weird
 rm config/ltconfig config/libtool.m4
 libtoolize -f -c
@@ -514,6 +518,9 @@ fi
 #%{_sbindir}/saslauthd2-checkpass
 
 %changelog
+* Thu Oct  5 2004 Nalin Dahyabhai <nalin@redhat.com> 2.1.19-2
+- don't trust the environment in setuid/setgid contexts (CAN-2004-0884, #134660)
+
 * Thu Aug 19 2004 Nalin Dahyabhai <nalin@redhat.com> 2.1.19-1
 - rebuild (the 2.1.19 changelog for fixing a buffer overflow referred to a CVS
   revision between 2.1.18 and 2.1.19)