diff --git a/gimp-2.8.10-CVE-2013-1913,1978.patch b/gimp-2.8.10-CVE-2013-1913,1978.patch
new file mode 100644
index 0000000..07ea61b
--- /dev/null
+++ b/gimp-2.8.10-CVE-2013-1913,1978.patch
@@ -0,0 +1,177 @@
+From e3a100aa5872a19c10aadcf27a569465970347fe Mon Sep 17 00:00:00 2001
+From: Nils Philippsen <nils@redhat.com>
+Date: Wed, 4 Dec 2013 11:17:11 +0100
+Subject: [PATCH] patch: CVE-2013-1913,1978
+
+Squashed commit of the following:
+
+commit 6a0912e7fe8b61e32c647d9ed3bc110b4a7f15cf
+Author: Nils Philippsen <nils@redhat.com>
+Date:   Tue Nov 26 10:49:42 2013 +0100
+
+    file-xwd: sanity check # of colors and map entries (CVE-2013-1978)
+
+    The number of colors in an image shouldn't be higher than the number of
+    colormap entries. Additionally, consolidate post error cleanup in
+    load_image().
+
+    (cherry picked from commit 23f685931e5f000dd033a45c60c1e60d7f78caf4)
+
+commit 0e95c2790d753d898f2d7ad560b48e5f487cf460
+Author: Nils Philippsen <nils@redhat.com>
+Date:   Thu Nov 14 14:29:01 2013 +0100
+
+    file-xwd: sanity check colormap size (CVE-2013-1913)
+
+    (cherry picked from commit 32ae0f83e5748299641cceaabe3f80f1b3afd03e)
+---
+ plug-ins/common/file-xwd.c | 62 +++++++++++++++++++++++++++-------------------
+ 1 file changed, 37 insertions(+), 25 deletions(-)
+
+diff --git a/plug-ins/common/file-xwd.c b/plug-ins/common/file-xwd.c
+index 3240f7e..ba07afd 100644
+--- a/plug-ins/common/file-xwd.c
++++ b/plug-ins/common/file-xwd.c
+@@ -424,9 +424,9 @@ static gint32
+ load_image (const gchar  *filename,
+             GError      **error)
+ {
+-  FILE            *ifp;
++  FILE            *ifp = NULL;
+   gint             depth, bpp;
+-  gint32           image_ID;
++  gint32           image_ID = -1;
+   L_XWDFILEHEADER  xwdhdr;
+   L_XWDCOLOR      *xwdcolmap = NULL;
+ 
+@@ -436,7 +436,7 @@ load_image (const gchar  *filename,
+       g_set_error (error, G_FILE_ERROR, g_file_error_from_errno (errno),
+                    _("Could not open '%s' for reading: %s"),
+                    gimp_filename_to_utf8 (filename), g_strerror (errno));
+-      return -1;
++      goto out;
+     }
+ 
+   read_xwd_header (ifp, &xwdhdr);
+@@ -445,8 +445,7 @@ load_image (const gchar  *filename,
+       g_set_error (error, G_FILE_ERROR, G_FILE_ERROR_FAILED,
+                    _("Could not read XWD header from '%s'"),
+                    gimp_filename_to_utf8 (filename));
+-      fclose (ifp);
+-      return -1;
++      goto out;
+     }
+ 
+ #ifdef XWD_COL_WAIT_DEBUG
+@@ -461,8 +460,25 @@ load_image (const gchar  *filename,
+   /* Position to start of XWDColor structures */
+   fseek (ifp, (long)xwdhdr.l_header_size, SEEK_SET);
+ 
++  /* Guard against insanely huge color maps -- gimp_image_set_colormap() only
++   * accepts colormaps with 0..256 colors anyway. */
++  if (xwdhdr.l_colormap_entries > 256)
++    {
++      g_message (_("'%s':\nIllegal number of colormap entries: %ld"),
++                 gimp_filename_to_utf8 (filename),
++                 (long)xwdhdr.l_colormap_entries);
++      goto out;
++    }
++
+   if (xwdhdr.l_colormap_entries > 0)
+     {
++      if (xwdhdr.l_colormap_entries < xwdhdr.l_ncolors)
++        {
++          g_message (_("'%s':\nNumber of colormap entries < number of colors"),
++                     gimp_filename_to_utf8 (filename));
++          goto out;
++        }
++
+       xwdcolmap = g_new (L_XWDCOLOR, xwdhdr.l_colormap_entries);
+ 
+       read_xwd_cols (ifp, &xwdhdr, xwdcolmap);
+@@ -482,9 +498,7 @@ load_image (const gchar  *filename,
+       if (xwdhdr.l_file_version != 7)
+         {
+           g_message (_("Can't read color entries"));
+-          g_free (xwdcolmap);
+-          fclose (ifp);
+-          return (-1);
++          goto out;
+         }
+     }
+ 
+@@ -492,9 +506,7 @@ load_image (const gchar  *filename,
+     {
+       g_message (_("'%s':\nNo image width specified"),
+                  gimp_filename_to_utf8 (filename));
+-      g_free (xwdcolmap);
+-      fclose (ifp);
+-      return (-1);
++      goto out;
+     }
+ 
+   if (xwdhdr.l_pixmap_width > GIMP_MAX_IMAGE_SIZE
+@@ -502,27 +514,21 @@ load_image (const gchar  *filename,
+     {
+       g_message (_("'%s':\nImage width is larger than GIMP can handle"),
+                  gimp_filename_to_utf8 (filename));
+-      g_free (xwdcolmap);
+-      fclose (ifp);
+-      return (-1);
++      goto out;
+     }
+ 
+   if (xwdhdr.l_pixmap_height <= 0)
+     {
+       g_message (_("'%s':\nNo image height specified"),
+                  gimp_filename_to_utf8 (filename));
+-      g_free (xwdcolmap);
+-      fclose (ifp);
+-      return (-1);
++      goto out;
+     }
+ 
+   if (xwdhdr.l_pixmap_height > GIMP_MAX_IMAGE_SIZE)
+     {
+       g_message (_("'%s':\nImage height is larger than GIMP can handle"),
+                  gimp_filename_to_utf8 (filename));
+-      g_free (xwdcolmap);
+-      fclose (ifp);
+-      return (-1);
++      goto out;
+     }
+ 
+   gimp_progress_init_printf (_("Opening '%s'"),
+@@ -571,11 +577,6 @@ load_image (const gchar  *filename,
+     }
+   gimp_progress_update (1.0);
+ 
+-  fclose (ifp);
+-
+-  if (xwdcolmap)
+-    g_free (xwdcolmap);
+-
+   if (image_ID == -1 && ! (error && *error))
+     g_set_error (error, G_FILE_ERROR, G_FILE_ERROR_FAILED,
+                  _("XWD-file %s has format %d, depth %d and bits per pixel %d. "
+@@ -583,6 +584,17 @@ load_image (const gchar  *filename,
+                  gimp_filename_to_utf8 (filename),
+                  (gint) xwdhdr.l_pixmap_format, depth, bpp);
+ 
++out:
++  if (ifp)
++    {
++      fclose (ifp);
++    }
++
++  if (xwdcolmap)
++    {
++      g_free (xwdcolmap);
++    }
++
+   return image_ID;
+ }
+ 
+-- 
+1.8.4.2
+
diff --git a/gimp.spec b/gimp.spec
index aa49602..ce53d28 100644
--- a/gimp.spec
+++ b/gimp.spec
@@ -82,7 +82,7 @@ Summary:        GNU Image Manipulation Program
 Name:           gimp
 Epoch:          2
 Version:        2.8.10
-Release:        %{?prerelprefix}1%{dotprerel}%{dotgitrev}%{?dist}
+Release:        %{?prerelprefix}2%{dotprerel}%{dotgitrev}%{?dist}
 
 # Compute some version related macros
 # Ugly hack, you need to get your quoting backslashes/percent signs straight
@@ -206,6 +206,12 @@ Patch0:         gimp-%{version}%{dashprerel}-git%{gitrev}.patch.bz2
 # Fedora specific.
 Patch1:         gimp-2.8.2-cm-system-monitor-profile-by-default.patch
 
+# Avoid buffer overflows in the XWD loader
+# CVE-2013-1913, CVE-2013-1978
+# Upstream commit 7f2322e4ced8ba393abc5a0aa15a607f340f0db8
+# Upstream commit 0ffb3b6753aad00512349bba31bf5113054c6a0e
+Patch2:         gimp-2.8.10-CVE-2013-1913,1978.patch
+
 # use external help browser directly if help browser plug-in is not built
 Patch100:       gimp-2.8.6-external-help-browser.patch
 
@@ -295,6 +301,7 @@ EOF
 %endif
 
 %patch1 -p1 -b .cm-system-monitor-profile-by-default
+%patch2 -p1 -b .CVE-2013-1913,1978
 
 %if ! %{with helpbrowser}
 %patch100 -p1 -b .external-help-browser
@@ -608,6 +615,9 @@ gtk-update-icon-cache %{_datadir}/icons/hicolor &>/dev/null || :
 %endif
 
 %changelog
+* Wed Dec 04 2013 Nils Philippsen <nils@redhat.com> - 2:2.8.10-2
+- avoid buffer overflows in file-xwd plug-in (CVE-2013-1913, CVE-2013-1978)
+
 * Fri Nov 29 2013 Nils Philippsen <nils@redhat.com> - 2:2.8.10-1
 - version 2.8.10