diff --git a/00332-CVE-2019-16056.patch b/00332-CVE-2019-16056.patch
new file mode 100644
index 0000000..4e3cd12
--- /dev/null
+++ b/00332-CVE-2019-16056.patch
@@ -0,0 +1,95 @@
+diff --git a/Lib/email/_header_value_parser.py b/Lib/email/_header_value_parser.py
+index 37a9fbcbb67d..facc208fde12 100644
+--- a/Lib/email/_header_value_parser.py
++++ b/Lib/email/_header_value_parser.py
+@@ -1964,6 +1964,8 @@ def get_domain(value):
+         token, value = get_dot_atom(value)
+     except errors.HeaderParseError:
+         token, value = get_atom(value)
++    if value and value[0] == '@':
++        raise errors.HeaderParseError('Invalid Domain')
+     if leader is not None:
+         token[:0] = [leader]
+     domain.append(token)
+diff --git a/Lib/email/_parseaddr.py b/Lib/email/_parseaddr.py
+index cdfa3729adc7..41ff6f8c000d 100644
+--- a/Lib/email/_parseaddr.py
++++ b/Lib/email/_parseaddr.py
+@@ -379,7 +379,12 @@ def getaddrspec(self):
+         aslist.append('@')
+         self.pos += 1
+         self.gotonext()
+-        return EMPTYSTRING.join(aslist) + self.getdomain()
++        domain = self.getdomain()
++        if not domain:
++            # Invalid domain, return an empty address instead of returning a
++            # local part to denote failed parsing.
++            return EMPTYSTRING
++        return EMPTYSTRING.join(aslist) + domain
+ 
+     def getdomain(self):
+         """Get the complete domain name from an address."""
+@@ -394,6 +399,10 @@ def getdomain(self):
+             elif self.field[self.pos] == '.':
+                 self.pos += 1
+                 sdlist.append('.')
++            elif self.field[self.pos] == '@':
++                # bpo-34155: Don't parse domains with two `@` like
++                # `a@malicious.org@important.com`.
++                return EMPTYSTRING
+             elif self.field[self.pos] in self.atomends:
+                 break
+             else:
+diff --git a/Lib/test/test_email/test__header_value_parser.py b/Lib/test/test_email/test__header_value_parser.py
+index b1e7dff2405d..8ae617a6bd58 100644
+--- a/Lib/test/test_email/test__header_value_parser.py
++++ b/Lib/test/test_email/test__header_value_parser.py
+@@ -1418,6 +1418,16 @@ def test_get_addr_spec_dot_atom(self):
+         self.assertEqual(addr_spec.domain, 'example.com')
+         self.assertEqual(addr_spec.addr_spec, 'star.a.star@example.com')
+ 
++    def test_get_addr_spec_multiple_domains(self):
++        with self.assertRaises(errors.HeaderParseError):
++            parser.get_addr_spec('star@a.star@example.com')
++
++        with self.assertRaises(errors.HeaderParseError):
++            parser.get_addr_spec('star@a@example.com')
++
++        with self.assertRaises(errors.HeaderParseError):
++            parser.get_addr_spec('star@172.17.0.1@example.com')
++
+     # get_obs_route
+ 
+     def test_get_obs_route_simple(self):
+diff --git a/Lib/test/test_email/test_email.py b/Lib/test/test_email/test_email.py
+index 9b86a2aee9ac..d4c3447e63d0 100644
+--- a/Lib/test/test_email/test_email.py
++++ b/Lib/test/test_email/test_email.py
+@@ -3015,6 +3015,20 @@ def test_parseaddr_empty(self):
+         self.assertEqual(utils.parseaddr('<>'), ('', ''))
+         self.assertEqual(utils.formataddr(utils.parseaddr('<>')), '')
+ 
++    def test_parseaddr_multiple_domains(self):
++        self.assertEqual(
++            utils.parseaddr('a@b@c'),
++            ('', '')
++        )
++        self.assertEqual(
++            utils.parseaddr('a@b.c@c'),
++            ('', '')
++        )
++        self.assertEqual(
++            utils.parseaddr('a@172.17.0.1@c'),
++            ('', '')
++        )
++
+     def test_noquote_dump(self):
+         self.assertEqual(
+             utils.formataddr(('A Silly Person', 'person@dom.ain')),
+diff --git a/Misc/NEWS.d/next/Security/2019-05-04-13-33-37.bpo-34155.MJll68.rst b/Misc/NEWS.d/next/Security/2019-05-04-13-33-37.bpo-34155.MJll68.rst
+new file mode 100644
+index 000000000000..50292e29ed1d
+--- /dev/null
++++ b/Misc/NEWS.d/next/Security/2019-05-04-13-33-37.bpo-34155.MJll68.rst
+@@ -0,0 +1 @@
++Fix parsing of invalid email addresses with more than one ``@`` (e.g. a@b@c.com.) to not return the part before 2nd ``@`` as valid email address. Patch by maxking & jpic.
diff --git a/python34.spec b/python34.spec
index e460f17..41c935d 100644
--- a/python34.spec
+++ b/python34.spec
@@ -515,6 +515,14 @@ Patch205: 00205-make-libpl-respect-lib64.patch
 # Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1718867
 Patch320: 00320-CVE-2019-10160.patch
 
+# 00332 #
+# Fix CVE-2019-16056: Don't parse email addresses containing
+# multiple '@' characters.
+# Fixed upstream and backported from the 3.5 branch:
+# https://bugs.python.org/issue34155
+# Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1750457
+Patch332: 00332-CVE-2019-16056.patch
+
 # (New patches go here ^^^)
 #
 # When adding new patches to "python" and "python3" in Fedora, EL, etc.,
@@ -806,6 +814,7 @@ sed -r -i s/'_PIP_VERSION = "[0-9.]+"'/'_PIP_VERSION = "%{pip_version}"'/ Lib/en
 %patch203 -p1
 %patch205 -p1
 %patch320 -p1
+%patch332 -p1
 
 # Currently (2010-01-15), http://docs.python.org/library is for 2.6, and there
 # are many differences between 2.6 and the Python 3 library.
@@ -1744,6 +1753,7 @@ CheckPython optimized
 * Thu Oct 03 2019 Carl George <carl@george.computer> - 3.4.10-4
 - Obsolete IUS python34u packages
 - Fix CVE-2019-10160 (rhbz#1718867)
+- Fix CVE-2019-16056 (rhbz#1750457)
 
 * Tue Apr 30 2019 Miro Hrončok <mhroncok@redhat.com> - 3.4.10-2
 - Require python3-other-rpm-macros instead of python3-rpm-macros