diff --git a/httpd-2.4.51-r1894150.patch b/httpd-2.4.51-r1894150.patch
new file mode 100644
index 0000000..c8acff9
--- /dev/null
+++ b/httpd-2.4.51-r1894150.patch
@@ -0,0 +1,17 @@
+# ./pullrev.sh 1894150
+http://svn.apache.org/viewvc?view=revision&revision=1894150
+
+--- httpd-2.4.51/server/util_filter.c
++++ httpd-2.4.51/server/util_filter.c
+@@ -565,8 +565,9 @@
+                                          apr_bucket_brigade *bb)
+ {
+     if (next) {
+-        apr_bucket *e;
+-        if ((e = APR_BRIGADE_LAST(bb)) && APR_BUCKET_IS_EOS(e) && next->r) {
++        apr_bucket *e = APR_BRIGADE_LAST(bb);
++
++        if (e != APR_BRIGADE_SENTINEL(bb) && APR_BUCKET_IS_EOS(e) && next->r) {
+             /* This is only safe because HTTP_HEADER filter is always in
+              * the filter stack.   This ensures that there is ALWAYS a
+              * request-based filter that we can attach this to.  If the
diff --git a/httpd-2.4.51-r1894152.patch b/httpd-2.4.51-r1894152.patch
new file mode 100644
index 0000000..95f5081
--- /dev/null
+++ b/httpd-2.4.51-r1894152.patch
@@ -0,0 +1,36 @@
+# ./pullrev.sh 1894152
+http://svn.apache.org/viewvc?view=revision&revision=1894152
+
+--- httpd-2.4.51/modules/filters/mod_deflate.c.r1894152
++++ httpd-2.4.51/modules/filters/mod_deflate.c
+@@ -835,6 +835,7 @@
+     while (!APR_BRIGADE_EMPTY(bb))
+     {
+         apr_bucket *b;
++        apr_status_t rv;
+ 
+         /*
+          * Optimization: If we are a HEAD request and bytes_sent is not zero
+@@ -914,8 +915,6 @@
+         }
+ 
+         if (APR_BUCKET_IS_FLUSH(e)) {
+-            apr_status_t rv;
+-
+             /* flush the remaining data from the zlib buffers */
+             zRC = flush_libz_buffer(ctx, c, f->c->bucket_alloc, deflate,
+                                     Z_SYNC_FLUSH, NO_UPDATE_CRC);
+@@ -947,7 +946,12 @@
+         }
+ 
+         /* read */
+-        apr_bucket_read(e, &data, &len, APR_BLOCK_READ);
++        rv = apr_bucket_read(e, &data, &len, APR_BLOCK_READ);
++        if (rv) {
++            ap_log_rerror(APLOG_MARK, APLOG_ERR, rv, r, APLOGNO(10298)
++                          "failed reading from %s bucket", e->type->name);
++            return rv;
++        }
+         if (!len) {
+             apr_bucket_delete(e);
+             continue;
diff --git a/httpd.spec b/httpd.spec
index 0cd12da..9c21ef8 100644
--- a/httpd.spec
+++ b/httpd.spec
@@ -90,6 +90,8 @@ Patch45: httpd-2.4.43-logjournal.patch
 Patch60: httpd-2.4.43-enable-sslv3.patch
 Patch61: httpd-2.4.48-r1878890.patch
 Patch63: httpd-2.4.46-htcacheclean-dont-break.patch
+Patch64: httpd-2.4.51-r1894150.patch
+Patch65: httpd-2.4.51-r1894152.patch
 
 # Security fixes
 
@@ -241,6 +243,8 @@ written in the Lua programming language.
 %patch60 -p1 -b .enable-sslv3
 %patch61 -p1 -b .r1878890
 %patch63 -p1 -b .htcacheclean-dont-break
+%patch64 -p1 -b .r1894150
+%patch65 -p1 -b .r1894152
 
 # Patch in the vendor string
 sed -i '/^#define PLATFORM/s/Unix/%{vstring}/' os/unix/os.h
@@ -789,6 +793,7 @@ exit $rv
 %changelog
 * Tue Oct 12 2021 Joe Orton <jorton@redhat.com> - 2.4.51-2
 - mod_ssl: updated patch for OpenSSL 3.0 compatibility (#2007178)
+- mod_deflate/core: add two brigade handling correctness fixes
 
 * Thu Oct 07 2021 Patrick Uiterwijk <patrick@puiterwijk.org> - 2.4.51-1
 - new version 2.4.51