diff --git a/mingw-poppler.spec b/mingw-poppler.spec
index 67e03d5..746d958 100644
--- a/mingw-poppler.spec
+++ b/mingw-poppler.spec
@@ -16,7 +16,10 @@ Source0:       http://poppler.freedesktop.org/%{pkgname}-%{version}.tar.xz
 Patch0:        poppler_isystem.patch
 # Downstream fix for CVE-2017-9083 (#1453200)
 Patch1:        poppler_CVE-2017-9083.patch
-
+# Backport fix for CVE-2018-20662 (#1665275)
+Patch2:        poppler_CVE-2018-20662.patch
+# Backport fix for CVE-2019-7310 (#1672419)
+Patch3:        poppler_CVE-2019-7310.patch
 
 BuildRequires: cmake
 BuildRequires: gettext-devel
@@ -227,6 +230,9 @@ rm -f %{buildroot}%{mingw64_bindir}/*.exe
 
 
 %changelog
+* Wed Feb 20 2019 Sandro Mani <manisandro@gmail.com> - 0.73.0-3
+- Backport security fixes: CVE-2018-20662, CVE-2019-7310
+
 * Fri Feb 01 2019 Fedora Release Engineering <releng@fedoraproject.org> - 0.73.0-2
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
 
diff --git a/poppler_CVE-2017-9083.patch b/poppler_CVE-2017-9083.patch
index 23f6979..8a33a1c 100644
--- a/poppler_CVE-2017-9083.patch
+++ b/poppler_CVE-2017-9083.patch
@@ -1,6 +1,6 @@
 diff -rupN poppler-0.73.0/poppler/JPXStream.cc poppler-0.73.0-new/poppler/JPXStream.cc
 --- poppler-0.73.0/poppler/JPXStream.cc	2019-01-07 22:15:12.000000000 +0100
-+++ poppler-0.73.0-new/poppler/JPXStream.cc	2019-01-26 21:30:14.973229415 +0100
++++ poppler-0.73.0-new/poppler/JPXStream.cc	2019-02-20 19:06:08.024873692 +0100
 @@ -961,6 +961,11 @@ bool JPXStream::readCodestream(unsigned
  	      "Different number of components in JPX SIZ marker segment");
  	return false;
diff --git a/poppler_CVE-2018-20662.patch b/poppler_CVE-2018-20662.patch
new file mode 100644
index 0000000..2220fc6
--- /dev/null
+++ b/poppler_CVE-2018-20662.patch
@@ -0,0 +1,26 @@
+diff -rupN poppler-0.73.0/utils/pdfunite.cc poppler-0.73.0-new/utils/pdfunite.cc
+--- poppler-0.73.0/utils/pdfunite.cc	2019-01-07 22:15:12.000000000 +0100
++++ poppler-0.73.0-new/utils/pdfunite.cc	2019-02-20 19:06:08.067874556 +0100
+@@ -165,7 +165,7 @@ int main (int argc, char *argv[])
+   for (i = 1; i < argc - 1; i++) {
+     GooString *gfileName = new GooString(argv[i]);
+     PDFDoc *doc = new PDFDoc(gfileName, nullptr, nullptr, nullptr);
+-    if (doc->isOk() && !doc->isEncrypted()) {
++    if (doc->isOk() && !doc->isEncrypted() && doc->getXRef()->getCatalog().isDict()) {
+       docs.push_back(doc);
+       if (doc->getPDFMajorVersion() > majorVersion) {
+         majorVersion = doc->getPDFMajorVersion();
+@@ -175,9 +175,12 @@ int main (int argc, char *argv[])
+           minorVersion = doc->getPDFMinorVersion();
+         }
+       }
+-    } else if (doc->isOk()) {
++    } else if (doc->isEncrypted()) {
+       error(errUnimplemented, -1, "Could not merge encrypted files ('{0:s}')", argv[i]);
+       return -1;
++    } else if (!doc->getXRef()->getCatalog().isDict()) {
++      error(errSyntaxError, -1, "Catalog is not a dictionary ('{0:s}')", argv[i]);
++      return -1;
+     } else {
+       error(errSyntaxError, -1, "Could not merge damaged documents ('{0:s}')", argv[i]);
+       return -1;
diff --git a/poppler_CVE-2019-7310.patch b/poppler_CVE-2019-7310.patch
new file mode 100644
index 0000000..e170dbe
--- /dev/null
+++ b/poppler_CVE-2019-7310.patch
@@ -0,0 +1,15 @@
+diff -rupN poppler-0.73.0/poppler/XRef.cc poppler-0.73.0-new/poppler/XRef.cc
+--- poppler-0.73.0/poppler/XRef.cc	2019-01-07 22:15:12.000000000 +0100
++++ poppler-0.73.0-new/poppler/XRef.cc	2019-02-20 19:06:08.108875380 +0100
+@@ -1565,6 +1565,11 @@ DummyXRefEntry dummyXRefEntry;
+ 
+ XRefEntry *XRef::getEntry(int i, bool complainIfMissing)
+ {
++  if (unlikely(i < 0)) {
++    error(errInternal, -1, "Request for invalid XRef entry [{0:d}]", i);
++    return &dummyXRefEntry;
++  }
++
+   if (i >= size || entries[i].type == xrefEntryNone) {
+ 
+     if ((!xRefStream) && mainXRefEntriesOffset) {
diff --git a/poppler_isystem.patch b/poppler_isystem.patch
index bc81b18..3e9b677 100644
--- a/poppler_isystem.patch
+++ b/poppler_isystem.patch
@@ -1,6 +1,6 @@
 diff -rupN poppler-0.73.0/glib/CMakeLists.txt poppler-0.73.0-new/glib/CMakeLists.txt
 --- poppler-0.73.0/glib/CMakeLists.txt	2019-01-07 22:15:12.000000000 +0100
-+++ poppler-0.73.0-new/glib/CMakeLists.txt	2019-01-26 21:48:16.959850589 +0100
++++ poppler-0.73.0-new/glib/CMakeLists.txt	2019-02-20 19:06:07.984872888 +0100
 @@ -4,7 +4,6 @@ include_directories(
  )
  
@@ -11,7 +11,7 @@ diff -rupN poppler-0.73.0/glib/CMakeLists.txt poppler-0.73.0-new/glib/CMakeLists
  )
 diff -rupN poppler-0.73.0/test/CMakeLists.txt poppler-0.73.0-new/test/CMakeLists.txt
 --- poppler-0.73.0/test/CMakeLists.txt	2019-01-07 22:15:12.000000000 +0100
-+++ poppler-0.73.0-new/test/CMakeLists.txt	2019-01-26 21:48:33.269813045 +0100
++++ poppler-0.73.0-new/test/CMakeLists.txt	2019-02-20 19:06:07.985872908 +0100
 @@ -18,7 +18,6 @@ endif ()
  if (GTK_FOUND)