diff --git a/.dhcp.metadata b/.dhcp.metadata
new file mode 100644
index 0000000..eed7353
--- /dev/null
+++ b/.dhcp.metadata
@@ -0,0 +1 @@
+e4338f80bd2118ba1578e4bd3c2c154ec9c12ce0 dhcp-4.4.2b1.tar.gz
diff --git a/dhcp.spec b/dhcp.spec
index ce39e57..1a63ec3 100644
--- a/dhcp.spec
+++ b/dhcp.spec
@@ -15,7 +15,7 @@
 Summary:  Dynamic host configuration protocol software
 Name:     dhcp
 Version:  4.4.2
-Release:  18.b1%{?dist}
+Release:  19.b1%{?dist}
 
 # NEVER CHANGE THE EPOCH on this package.  The previous maintainer (prior to
 # dcantrell maintaining the package) made incorrect use of the epoch and
@@ -67,6 +67,7 @@ Patch30: CVE-2021-25220.patch
 Patch31: omshell-hmac-sha512-support.patch
 Patch32: CVE-2022-2928.patch
 Patch33: CVE-2022-2929.patch
+Patch34: dont-drop-bounds-twice.patch
 
 
 BuildRequires: autoconf
@@ -508,6 +509,9 @@ done
 %endif
 
 %changelog
+* Wed Apr 12 2023 Martin Osvald <mosvald@redhat.com> - 12:4.4.2-19.b1
+- Do not drop bounding set twice (#2184965)
+
 * Mon Oct 10 2022 Martin Osvald <mosvald@redhat.com> - 12:4.4.2-18.b1
 - Fix for CVE-2022-2928
 - Fix for CVE-2022-2929
diff --git a/dont-drop-bounds-twice.patch b/dont-drop-bounds-twice.patch
new file mode 100644
index 0000000..7570a00
--- /dev/null
+++ b/dont-drop-bounds-twice.patch
@@ -0,0 +1,15 @@
+diff --git a/relay/dhcrelay.c b/relay/dhcrelay.c
+index c4ee5ba..1c6531a 100644
+--- a/relay/dhcrelay.c
++++ b/relay/dhcrelay.c
+@@ -843,8 +843,8 @@ main(int argc, char **argv) {
+ #ifdef HAVE_LIBCAP_NG
+ 	/* Drop all capabilities */
+ 	if (!keep_capabilities) {
+-		capng_clear(CAPNG_SELECT_BOTH);
+-		capng_apply(CAPNG_SELECT_BOTH);
++		capng_clear(CAPNG_SELECT_CAPS);
++		capng_apply(CAPNG_SELECT_CAPS);
+ 		log_info ("Dropped all capabilities.");
+ 	}
+ #endif