--- gzip.spec.orig	2010-01-21 05:33:38.000000000 -0500
+++ gzip.spec	2010-01-21 05:37:54.000000000 -0500
@@ -1,7 +1,7 @@
 Summary: The GNU data compression program
 Name: gzip
 Version: 1.3.12
-Release: 9%{?dist}
+Release: 9.scripts.%{scriptsversion}%{?dist}
 # info pages are under GFDL license
 License: GPLv2 and GFDL
 Group: Applications/File
@@ -17,6 +17,8 @@
 Patch16: gzip-1.3.5-cve-2006-4337_len.patch
 Patch17: gzip-1.3.12-futimens.patch
 Patch18: gzip-1.3.12-zdiff.patch
+Patch100: gzip-cve-2009-2624.patch
+Patch101: gzip-cve-2010-0001.patch
 URL: http://www.gzip.org/
 Requires: /sbin/install-info
 Requires: mktemp less
@@ -43,6 +45,8 @@
 %patch16 -p1 -b .4337l
 %patch17 -p1 -b .futimens
 %patch18 -p1 -b .ret
+%patch100 -p0 -b .cve-2009-2624
+%patch101 -p0 -b .cve-2010-0001
 %build
 export DEFS="NO_ASM"
 export CPPFLAGS="-DHAVE_LSTAT"
@@ -89,6 +93,10 @@
 %{_infodir}/gzip.info*
 
 %changelog
+* Thu Jan 21 2010 Mitchell Berger <mitchb@mit.edu> 1.3.12-9.scripts.1432
+- Add patch for CVE-2009-2624
+- Add patch for CVE-2010-0001
+
 * Fri Mar 13 2009 Ivana Varekova <varekova@redhat.com> - 1.3.12-9
 - fix #484213 - zdiff shows no output