diff --git a/SOURCES/CVE-2019-19450.patch b/SOURCES/CVE-2019-19450.patch
new file mode 100644
index 0000000..fc1c1bd
--- /dev/null
+++ b/SOURCES/CVE-2019-19450.patch
@@ -0,0 +1,33 @@
+diff -aruN reportlab-3.4.0/src/reportlab/platypus/paraparser.py reportlab-3.4.0.alma/src/reportlab/platypus/paraparser.py
+--- reportlab-3.4.0/src/reportlab/platypus/paraparser.py 2017-03-07 13:17:00
++++ reportlab-3.4.0.alma/src/reportlab/platypus/paraparser.py 2023-10-18 15:29:30
+@@ -841,7 +841,11 @@
+ v = '\0'
+ elif 'code' in attr:
+ try:
+- v = int(eval(attr['code']))
++ v = attr['code'].lower()
++ if v.startswith('0x'):
++ v = int(v,16)
++ else:
++ v = int(v,0) #treat as a python literal would be
+ v = chr(v) if isPy3 else unichr(v)
+ except:
+ self._syntax_error(' invalid code attribute %s' % ascii(attr['code']))
+diff -aruN reportlab-3.4.0/tests/test_platypus_paragraphs.py reportlab-3.4.0.alma/tests/test_platypus_paragraphs.py
+--- reportlab-3.4.0/tests/test_platypus_paragraphs.py 2017-03-07 13:17:00
++++ reportlab-3.4.0.alma/tests/test_platypus_paragraphs.py 2023-10-18 15:29:30
+@@ -306,6 +306,13 @@
+ doc = MyDocTemplate(outputfile('test_platypus_imageandflowables.pdf'),showBoundary=1)
+ doc.multiBuild(story)
+
++ def test_unicharCodeSafety(self):
++ """test a bug reported by ravi prakash giri """
++ normal = getSampleStyleSheet()['BodyText']
++ self.assertRaises(Exception,Paragraph,
++ """""",
++ normal)
++
+ class TwoFrameDocTemplate(BaseDocTemplate):
+ "Define a simple document with two frames per page."
+
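Review bot: The regression test `test_unicharCodeSafety` in the embedded patch passes an empty string (`""""""`) to `Paragraph` as displayed here, so it would never reach the `'code' in attr` branch that the fix changes. The `<unichar code=...>` markup may simply have been stripped when this page was rendered, so that is worth confirming against the actual patch file. Even with the markup present, `assertRaises(Exception, ...)` passes on any failure at all; asserting on whatever exception `_syntax_error` ultimately produces would tie the test to the fix. In the parser hunk the `startswith('0x')` branch appears redundant, since `int(v, 0)` already accepts a `0x` prefix in either case, so the new lines could collapse to `v = int(attr['code'], 0)`. The enclosing parser method and the test class both start outside the embedded hunks, and the bare `except:` that turns every conversion error into a syntax error is pre-existing context.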
diff --git a/SPECS/python-reportlab.spec b/SPECS/python-reportlab.spec
index f83581a..0615e31 100644
--- a/SPECS/python-reportlab.spec
+++ b/SPECS/python-reportlab.spec
@@ -3,7 +3,7 @@
Name: python-%{pypi}
Version: 3.4.0
-Release: 8%{?dist}
+Release: 8%{?dist}.1.alma.1
Summary: Library for generating PDFs and graphics
License: BSD
URL: http://www.reportlab.org/
@@ -12,6 +12,10 @@ Source0: https://pypi.python.org/packages/source/r/%{pypi}/%{pypi}-%{vers
# https://bugzilla.redhat.com/show_bug.cgi?id=1769661
Patch0: python-reportlab-3.4.0-color-eval.patch
+# Patches were taken from upstream and modified to apply cleanly
+# https://github.com/MrBitBucket/reportlab-mirror/commit/4752c323bfd4358e57ed5039bdcc8425ccce544c
+Patch1: CVE-2019-19450.patch
+
%package -n python3-%{pypi}
Summary: Library for generating PDFs and graphics
BuildRequires: python3-devel
@@ -43,6 +47,7 @@ Contains the documentation for ReportLab.
%prep
%setup -qn reportlab-%{version}
%patch0 -p1 -b .color-eval
+%patch1 -p1 -b .cve-2019-19450
# clean up hashbangs from libraries
find src -name '*.py' | xargs sed -i -e '/^#!\//d'
# patch the CMap path by adding Fedora ghostscript path before the match
@@ -78,6 +83,9 @@ rm -rf %{buildroot}%{python3_sitearch}/reportlab/fonts
#%doc docs/*.pdf
%changelog
+* Wed Oct 18 2023 Eduard Abdullin - 3.4.0-8.1.alma.1
+- Fix CVE-2019-19450
+
* Wed Jan 15 2020 Marek Kasik - 3.4.0-8
- Fix Requires for doc subpackage
- Resolves: #1788556