diff --git a/irssi-1.0.3-allow-negative-values-in-settings.patch b/irssi-1.0.3-allow-negative-values-in-settings.patch
new file mode 100644
index 0000000..f14dbed
--- /dev/null
+++ b/irssi-1.0.3-allow-negative-values-in-settings.patch
@@ -0,0 +1,103 @@
+From 7354a74c654f1717d08a37c2b118141655974bc0 Mon Sep 17 00:00:00 2001
+From: dequis
+Date: Sat, 17 Jun 2017 14:30:37 -0300
+Subject: [PATCH] parse_time_interval: Allow negative time in settings
+
+This splits sign parsing out of parse_time_interval_uint() so that the
+negative sign is applied outside of the unsigned context where the
+number parsing is done, and after all the checks that it's lower than
+(1 << 31)
+
+This fixes issues with settings like `server_reconnect_time`,
+`server_connect_timeout` and `lag_max_before_disconnect`, which accepted
+-1 as a valid value.
+---
+ src/core/misc.c | 38 +++++++++++++++++++++++++-------------
+ 1 file changed, 25 insertions(+), 13 deletions(-)
+
+diff --git a/src/core/misc.c b/src/core/misc.c
+index 0f038cbb5..ce49925b1 100644
+--- a/src/core/misc.c
++++ b/src/core/misc.c
+@@ -781,24 +781,35 @@ int parse_uint(const char *nptr, char **endptr, int base, guint *number)
+ return TRUE;
+ }
+
++static int parse_number_sign(const char *input, char **endptr, int *sign)
++{
++ int sign_ = 1;
++
++ while (i_isspace(*input))
++ input++;
++
++ if (*input == '-') {
++ sign_ = -sign_;
++ input++;
++ }
++
++ *sign = sign_;
++ *endptr = (char *) input;
++ return TRUE;
++}
++
+ static int parse_time_interval_uint(const char *time, guint *msecs)
+ {
+ const char *desc;
+ guint number;
+- int sign, len, ret, digits;
++ int len, ret, digits;
+
+ *msecs = 0;
+
+ /* max. 
return value is around 24 days */ +- number = 0; sign = 1; ret = TRUE; digits = FALSE; ++ number = 0; ret = TRUE; digits = FALSE; + while (i_isspace(*time)) + time++; +- if (*time == '-') { +- sign = -sign; +- time++; +- while (i_isspace(*time)) +- time++; +- } + for (;;) { + if (i_isdigit(*time)) { + char *endptr; +@@ -828,7 +839,6 @@ static int parse_time_interval_uint(const char *time, guint *msecs) + if (*time != '\0') + return FALSE; + *msecs += number * 1000; /* assume seconds */ +- *msecs *= sign; + return TRUE; + } + +@@ -866,7 +876,6 @@ static int parse_time_interval_uint(const char *time, guint *msecs) + digits = FALSE; + } + +- *msecs *= sign; + return ret; + } + +@@ -960,15 +969,18 @@ int parse_size(const char *size, int *bytes) + int parse_time_interval(const char *time, int *msecs) + { + guint msecs_; +- int ret; ++ char *number; ++ int ret, sign; ++ ++ parse_number_sign(time, &number, &sign); + +- ret = parse_time_interval_uint(time, &msecs_); ++ ret = parse_time_interval_uint(number, &msecs_); + + if (msecs_ > (1U << 31)) { + return FALSE; + } + +- *msecs = msecs_; ++ *msecs = msecs_ * sign; + return ret; + } + diff --git a/irssi.spec b/irssi.spec index ba464ee..c3fbdb6 100644 --- a/irssi.spec +++ b/irssi.spec @@ -2,8 +2,8 @@ Summary: Modular text mode IRC client with Perl scripting Name: irssi -Version: 1.0.2 -Release: 2%{?dist} +Version: 1.0.3 +Release: 1%{?dist} License: GPLv2+ Group: Applications/Communications @@ -15,6 +15,9 @@ BuildRequires: ncurses-devel openssl-devel zlib-devel BuildRequires: pkgconfig glib2-devel perl-devel perl-generators perl(ExtUtils::Embed) BuildRequires: autoconf automake libtool Requires: perl(:MODULE_COMPAT_%(eval "`%{__perl} -V:version`"; echo $version)) +# Upstream patch to fix regression +# https://github.com/irssi/irssi/issues/716 +Patch0: irssi-1.0.3-allow-negative-values-in-settings.patch %package devel Summary: Development package for irssi 
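Review bot: In the patched `parse_time_interval()` (last hunk of the embedded misc.c patch, function fully visible), `*msecs = msecs_ * sign;` is evaluated in unsigned arithmetic because `sign` is converted to `guint`, and the unchanged guard `msecs_ > (1U << 31)` still lets exactly 2147483648 through. For a positive input that value does not fit in `int`, so the implementation-defined conversion typically produces a negative interval; that matters for the settings named in the description, which apparently give negative values a special meaning. Bounding by the signed maximum and multiplying after the cast keeps the result well defined: `if (msecs_ > (guint) G_MAXINT) return FALSE;` followed by `*msecs = (int) msecs_ * sign;`. Separately, `parse_number_sign()` always returns TRUE and the call site ignores the result, so it could be declared `void`, or the return value should be checked.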
@@ -36,6 +39,7 @@ being maintained. %prep %setup -q +%patch0 -p1 -b .allow-negative-values-in-settings %build autoreconf -i @@ -87,6 +91,12 @@ rm -rf $RPM_BUILD_ROOT %changelog +* Tue Jun 27 2017 Jaroslav Škarvada - 1.0.3-1 +- New version + Resolves: rhbz#1459539 + Resolves: CVE-2017-9468 + Resolves: CVE-2017-9469 + * Sun Jun 04 2017 Jitka Plesnikova - 1.0.2-2 - Perl 5.26 rebuild diff --git a/sources b/sources index 525b303..1021920 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (irssi-1.0.2.tar.xz) = 0b5048b1babecaafcd6f2be59523635a3f028c17ceb751776099d74c50fc3daf8fdf52ef5c37f9b765f7a1e5e82f5e41230d14f05530de54386f7190c610d458 +SHA512 (irssi-1.0.3.tar.xz) = 3a369d9bad4e2016a6a0395b35e3db1f1a6ff7ff6b8361fe5d828c29dd6f81c4b8d1bdfe0304cb05402eecddde97f6d369a5e98f215bfd177287f303d3d714eb