diff --git a/rpm-4.7.2-remove-sbits.patch b/rpm-4.7.2-remove-sbits.patch
new file mode 100644
index 0000000..d77bfbe
--- /dev/null
+++ b/rpm-4.7.2-remove-sbits.patch
@@ -0,0 +1,48 @@
+diff -up rpm-4.7.2/lib/fsm.c.remove-sbits rpm-4.7.2/lib/fsm.c
+--- rpm-4.7.2/lib/fsm.c.remove-sbits 2009-10-26 07:58:01.000000000 +0200
++++ rpm-4.7.2/lib/fsm.c 2010-06-30 13:07:58.000000000 +0300
+@@ -1323,6 +1323,21 @@ static const char * rpmteTypeString(rpmt
+ }
+ }
+
++static void removeSBITS(const char *path)
++{
++ struct stat stb;
++ if (lstat(path, &stb) == 0 && S_ISREG(stb.st_mode)) {
++ if ((stb.st_mode & 06000) != 0) {
++ (void) chmod(path, stb.st_mode & 0777);
++ }
++#if WITH_CAP
++ if (stb.st_mode & (S_IXUSR|S_IXGRP|S_IXOTH)) {
++ (void) cap_set_file(path, NULL);
++ }
++#endif
++ }
++}
++
+ #define IS_DEV_LOG(_x) \
+ ((_x) != NULL && strlen(_x) >= (sizeof("/dev/log")-1) && \
+ !strncmp((_x), "/dev/log", sizeof("/dev/log")-1) && \
+@@ -2028,11 +2043,8 @@ if (!(fsm->mapFlags & CPIO_ALL_HARDLINKS
+ break;
+
+ case FSM_UNLINK:
+- if (fsm->mapFlags & CPIO_SBIT_CHECK) {
+- struct stat stb;
+- if (lstat(fsm->path, &stb) == 0 && S_ISREG(stb.st_mode) && (stb.st_mode & 06000) != 0)
+- chmod(fsm->path, stb.st_mode & 0777);
+- }
++ if (fsm->mapFlags & CPIO_SBIT_CHECK)
++ removeSBITS(fsm->path);
+ rc = unlink(fsm->path);
+ if (_fsm_debug && (stage & FSM_SYSCALL))
+ rpmlog(RPMLOG_DEBUG, " %8s (%s) %s\n", cur,
+@@ -2041,6 +2053,8 @@ if (!(fsm->mapFlags & CPIO_ALL_HARDLINKS
+ rc = (errno == ENOENT ? CPIOERR_ENOENT : CPIOERR_UNLINK_FAILED);
+ break;
+ case FSM_RENAME:
++ if (fsm->mapFlags & CPIO_SBIT_CHECK)
++ removeSBITS(fsm->path);
+ rc = rename(fsm->opath, fsm->path);
+ #if defined(ETXTBSY) && defined(__HPUX__)
+ if (rc && errno == ETXTBSY) {
diff --git a/rpm.spec b/rpm.spec
index 0baadae..04506da 100644
--- a/rpm.spec
+++ b/rpm.spec
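Review bot: In `removeSBITS()` both `(void) chmod(...)` and `(void) cap_set_file(path, NULL)` discard their results, so when clearing the setuid/setgid bits or file capabilities fails, the `FSM_UNLINK` and `FSM_RENAME` cases still go on to `unlink()`/`rename()`, and any remaining hard link to the old file keeps its privileges with nothing logged. Keeping the call best-effort is reasonable, but the failure should at least be visible, e.g. `if (chmod(path, stb.st_mode & 0777) != 0) rpmlog(RPMLOG_WARNING, "failed to clear setuid/setgid bits on %s: %s\n", path, strerror(errno));`, with the same treatment for `cap_set_file`. Separately, `lstat()` followed by a path-based `chmod()` leaves a window in which the path can be swapped, and `chmod()` follows symlinks; whether that is reachable depends on who can write to the containing directory, which the patch does not show, but an `open(O_NOFOLLOW)`/`fstat()`/`fchmod()` sequence would avoid it. The switch cases that call the helper belong to a function whose body starts and ends outside the inner hunks.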
@@ -21,7 +21,7 @@ Summary: The RPM package management system Name: rpm Version: %{rpmver} -Release: 1%{?dist} +Release: 2%{?dist} Group: System Environment/Base Url: http://www.rpm.org/ Source0: http://rpm.org/releases/rpm-4.7.x/%{name}-%{srcver}.tar.bz2 @@ -46,6 +46,7 @@ Patch203: rpm-4.7.1-sign-passcheck.patch Patch204: rpm-4.7.1-rpmfc-data.patch Patch205: rpm-4.7.1-chmod-test.patch Patch206: rpm-4.7.1-python-types.patch +Patch207: rpm-4.7.2-remove-sbits.patch # These are not yet upstream Patch301: rpm-4.6.0-niagara.patch @@ -207,6 +208,7 @@ packages on a system. %patch204 -p1 -b .rpmfc-data %patch205 -p1 -b .chmod-test %patch206 -p1 -b .python-types +%patch207 -p1 -b .remove-sbits %patch301 -p1 -b .niagara %patch302 -p1 -b .geode @@ -421,6 +423,9 @@ exit 0 %doc doc/librpm/html/* %changelog +* Wed Jun 30 2010 Panu Matilainen - 4.7.2-2 +- Fix CVE-2010-2059 (#598775) and CVE-2010-2198 (#601955) + * Tue Dec 08 2009 Panu Matilainen - 4.7.2-1 - update to 4.7.2 (http://rpm.org/wiki/Releases/4.7.2) - fix posix chmod test to unbreak %%fixperms macro (#543035)