diff --git a/.gitignore b/.gitignore
index c5bf0b1..071ce6d 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1 @@
-SOURCES/Python-3.9.13.tar.xz
+SOURCES/Python-3.9.16.tar.xz
diff --git a/00329-fips.patch b/00329-fips.patch
index 4170fe4..cec8740 100644
--- a/00329-fips.patch
+++ b/00329-fips.patch
@@ -1,4 +1,4 @@
-From 37aa11f4c57e08bd3859c0de1c22f1d5296b6fdc Mon Sep 17 00:00:00 2001
+From ccb2659fa0ec259d4161ed84345553bf3f216531 Mon Sep 17 00:00:00 2001
 From: Petr Viktorin <encukou@gmail.com>
 Date: Wed, 11 Aug 2021 16:51:03 +0200
 Subject: [PATCH 01/10] Backport PyModule_AddObjectRef as
@@ -71,10 +71,10 @@ index 13482c6..fca1083 100644
  PyModule_AddIntConstant(PyObject *m, const char *name, long value)
  {
 -- 
-2.35.3
+2.37.2
 
 
-From 3fc28233b7244bb891499a974c3f3cda42454760 Mon Sep 17 00:00:00 2001
+From 794c37495d91823bd820b96382b999d84dcad58d Mon Sep 17 00:00:00 2001
 From: Petr Viktorin <encukou@gmail.com>
 Date: Fri, 13 Aug 2021 13:16:43 +0200
 Subject: [PATCH 02/10] _hashopenssl: Uncomment and use initialization function
@@ -144,10 +144,10 @@ index 4db058c..56dfff9 100644
  
      return m;
 -- 
-2.35.3
+2.37.2
 
 
-From 309e06621a9a8b8220c8f83d588cc76e1fa2380d Mon Sep 17 00:00:00 2001
+From 94b56c82b459474c3e0f9e5421fa7becbf5a1c70 Mon Sep 17 00:00:00 2001
 From: Christian Heimes <christian@python.org>
 Date: Sat, 27 Mar 2021 14:55:03 +0100
 Subject: [PATCH 03/10] bpo-40645: use C implementation of HMAC (GH-24920,
@@ -927,10 +927,10 @@ index 68aa765..4466ec4 100644
 -/*[clinic end generated code: output=b6b280e46bf0b139 input=a9049054013a1b77]*/
 +/*[clinic end generated code: output=7ff9aad0bd53e7ce input=a9049054013a1b77]*/
 -- 
-2.35.3
+2.37.2
 
 
-From 2656f4998c17d8a63b5b45462a2dae5b1b3d520f Mon Sep 17 00:00:00 2001
+From b63e3fbd7c0506b5a6c00c1bb0d255054e38bbe8 Mon Sep 17 00:00:00 2001
 From: Charalampos Stratakis <cstratak@redhat.com>
 Date: Thu, 12 Dec 2019 16:58:31 +0100
 Subject: [PATCH 04/10] Expose blake2b and blake2s hashes from OpenSSL
@@ -1137,10 +1137,10 @@ index 4466ec4..54c22b2 100644
 -/*[clinic end generated code: output=7ff9aad0bd53e7ce input=a9049054013a1b77]*/
 +/*[clinic end generated code: output=fab05055e982f112 input=a9049054013a1b77]*/
 -- 
-2.35.3
+2.37.2
 
 
-From 652264a57ab6564bfe775d88502776df95cd897d Mon Sep 17 00:00:00 2001
+From dc8ad7b98d6d9bf14cae439acb3a99fa8f4f5020 Mon Sep 17 00:00:00 2001
 From: Petr Viktorin <pviktori@redhat.com>
 Date: Thu, 1 Aug 2019 17:57:05 +0200
 Subject: [PATCH 05/10] Use a stronger hash in multiprocessing handshake
@@ -1185,10 +1185,10 @@ index 510e4b5..b68f2fb 100644
      response = connection.recv_bytes(256)        # reject large message
      if response != WELCOME:
 -- 
-2.35.3
+2.37.2
 
 
-From 4a8637f114196b1ab19435ea64c19c7acf77776c Mon Sep 17 00:00:00 2001
+From af0c88c9d5bc4f9c127e49ed80d14e25d18813f2 Mon Sep 17 00:00:00 2001
 From: Petr Viktorin <pviktori@redhat.com>
 Date: Thu, 25 Jul 2019 17:19:06 +0200
 Subject: [PATCH 06/10] Disable Python's hash implementations in FIPS mode,
@@ -1446,10 +1446,10 @@ index 0bec170..479f4b5 100644
              ))
  
 -- 
-2.35.3
+2.37.2
 
 
-From 165bcd0377075dbac9fa3f988ed5189668597ab6 Mon Sep 17 00:00:00 2001
+From 9bc3d493a3508fb82df7d24cc62315c072d9eca8 Mon Sep 17 00:00:00 2001
 From: Charalampos Stratakis <cstratak@redhat.com>
 Date: Fri, 29 Jan 2021 14:16:21 +0100
 Subject: [PATCH 07/10] Use python's fall back crypto implementations only if
@@ -1613,10 +1613,10 @@ index fa4a8d7..ec6c883 100644
      def test_pbkdf2_hmac_py(self):
          self._test_pbkdf2_hmac(builtin_hashlib.pbkdf2_hmac, builtin_hashes)
 -- 
-2.35.3
+2.37.2
 
 
-From f4383a6e0be8b75db2380fdcf0174b09709b613f Mon Sep 17 00:00:00 2001
+From 331c0d39cbc9c4df266c375bae8c1a0d27dd78d9 Mon Sep 17 00:00:00 2001
 From: Charalampos Stratakis <cstratak@redhat.com>
 Date: Wed, 31 Jul 2019 15:43:43 +0200
 Subject: [PATCH 08/10] Test equivalence of hashes for the various digests with
@@ -1772,10 +1772,10 @@ index ec6c883..0fd036f 100644
  class KDFTests(unittest.TestCase):
  
 -- 
-2.35.3
+2.37.2
 
 
-From 5ecf11d53225bbe04e35970a834bcc90cd944391 Mon Sep 17 00:00:00 2001
+From 1a3df28f95710925bc80018bcf22b7f37bbb1e17 Mon Sep 17 00:00:00 2001
 From: Petr Viktorin <pviktori@redhat.com>
 Date: Mon, 26 Aug 2019 19:39:48 +0200
 Subject: [PATCH 09/10] Guard against Python HMAC in FIPS mode
@@ -1889,10 +1889,10 @@ index adf52ad..41e6a14 100644
      def test_realcopy_old(self):
          # Testing if the copy method created a real copy.
 -- 
-2.35.3
+2.37.2
 
 
-From 532ce8649bf743c029aa5ddb25d74604d9798da9 Mon Sep 17 00:00:00 2001
+From dded0e09dd3e51998a2aa54d2ae8464d73987e51 Mon Sep 17 00:00:00 2001
 From: Petr Viktorin <encukou@gmail.com>
 Date: Wed, 25 Aug 2021 16:44:43 +0200
 Subject: [PATCH 10/10] Disable hash-based PYCs in FIPS mode
@@ -1935,15 +1935,13 @@ index bba3642..02db901 100644
          return PycInvalidationMode.CHECKED_HASH
      else:
 diff --git a/Lib/test/support/__init__.py b/Lib/test/support/__init__.py
-index 86ac8f0..dc042f7 100644
+index 6dc0813..b9d5f9a 100644
 --- a/Lib/test/support/__init__.py
 +++ b/Lib/test/support/__init__.py
-@@ -3294,3 +3294,17 @@ def clear_ignored_deprecations(*tokens: object) -> None:
-     if warnings.filters != new_filters:
-         warnings.filters[:] = new_filters
+@@ -3296,6 +3296,20 @@ def clear_ignored_deprecations(*tokens: object) -> None:
          warnings._filters_mutated()
-+
-+
+ 
+ 
 +def fails_in_fips_mode(expected_error):
 +    import _hashlib
 +    if _hashlib.get_fips_mode():
@@ -1956,6 +1954,11 @@ index 86ac8f0..dc042f7 100644
 +        def _decorator(func):
 +            return func
 +    return _decorator
++
++
+ @contextlib.contextmanager
+ def adjust_int_max_str_digits(max_digits):
+     """Temporarily change the integer string conversion length limit."""
 diff --git a/Lib/test/test_cmd_line_script.py b/Lib/test/test_cmd_line_script.py
 index 7cb1370..61df232 100644
 --- a/Lib/test/test_cmd_line_script.py
@@ -2171,5 +2174,5 @@ index 8358d70..1b7fb85 100644
          uint64_t x;
          char data[sizeof(uint64_t)];
 -- 
-2.35.3
+2.37.2
 
diff --git a/Python-3.9.16.tar.xz.asc b/Python-3.9.16.tar.xz.asc
new file mode 100644
index 0000000..5a093c6
--- /dev/null
+++ b/Python-3.9.16.tar.xz.asc
@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCgAdFiEE4/8oOcBIslwITevpsmmV4xAlBWgFAmOPjAQACgkQsmmV4xAl
+BWjzjQ//TQ9AtAs3RwRfGfJigHl3TG5lfYYdzAZIwEtt6NUw8tVKriCBMSvsJDjD
+rlFX64SPWaDlTggnatU88sj1y4AtGpf517GbYKwJ1oLQjcCSIs6WSxD7CZAfb4CL
+257KMANkT/n46luovTraqhAyLXp8fVWIEoSt3+6RgNYshjv00V6+L0HoE6jkzBRV
+si6KHDUCyIydOJEtAt79w5Ze/pFxJjIlGZ6WxyRVEy77cyQKh0g4dSdQ15HZAsfr
+fvv8rOmd8VXwIMi4xaUaHMddQxNrydDldDpKR4L1Lay/nY3OvSLI1AMw0D7n/FVO
+HxgYvxwkRqHPgbDIBLoHe7nsou0621ELS+j6M7cRoqAjsSfEOwpHOBw7k4+zOoa3
+4FHvru6TmT1p2iT6GSRllp/XspAzSelJeaFWA0Rs57MQ14gtXrw5hQHyZ1NgMzZi
+TMpnj0tGHufQYn2ZQqGUIySvtH3S5eIZgZGdPETJ5k09mcRVEKcdujTbkrIcOYtC
+GoPCw+3Qe7feVZLzElnsela9bDZi3uWfZh2kVyhZPAvxXJ0VNVCLvPlCKpr0R7t5
+JJ7jMpblsA05FT6ZanbqWNFZtCHMjlkK1259oST3BMbBSHTFgY/KGJEHQTkYU3M2
+U5OSn4za47qFBTVIXQsqkLGEBU/wrxtNmerJel8YW3ZIrkoTv2E=
+=dXB5
+-----END PGP SIGNATURE-----
diff --git a/python39.spec b/python39.spec
index e17d1a9..10af63f 100644
--- a/python39.spec
+++ b/python39.spec
@@ -13,7 +13,7 @@ URL: https://www.python.org/
 
 #  WARNING  When rebasing to a new Python version,
 #           remember to update the python3-docs package as well
-%global general_version %{pybasever}.13
+%global general_version %{pybasever}.16
 #global prerel ...
 %global upstream_version %{general_version}%{?prerel}
 Version: %{general_version}%{?prerel:~%{prerel}}
@@ -415,16 +415,6 @@ Patch353: 00353-architecture-names-upstream-downstream.patch
 # Upstream: https://bugs.python.org/issue46811
 Patch378: 00378-support-expat-2-4-5.patch
 
-# 00382 # 9e275dcdf3934b827994ecc3247d583d5bab7985
-# CVE-2015-20107
-#
-# Make mailcap refuse to match unsafe filenames/types/params (GH-91993)
-#
-# Upstream: https://github.com/python/cpython/issues/68966
-#
-# Tracker bug: https://bugzilla.redhat.com/show_bug.cgi?id=2075390
-Patch382: 00382-cve-2015-20107.patch
-
 # (New patches go here ^^^)
 #
 # When adding new patches to "python" and "python3" in Fedora, EL, etc.,
@@ -836,7 +826,6 @@ rm Lib/ensurepip/_bundled/*.whl
 %apply_patch -q %{PATCH329}
 %apply_patch -q %{PATCH353}
 %apply_patch -q %{PATCH378}
-%apply_patch -q %{PATCH382}
 
 # Remove all exe files to ensure we are not shipping prebuilt binaries
 # note that those are only used to create Microsoft Windows installers
@@ -2003,6 +1992,20 @@ fi
 # ======================================================
 
 %changelog
+* Tue Dec 13 2022 Charalampos Stratakis <cstratak@redhat.com> - 3.9.16-1
+- Update to 3.9.16
+- Security fix for CVE-2022-45061
+Resolves: rhbz#2144072
+
+* Mon Nov 07 2022 Lumír Balhar <lbalhar@redhat.com> - 3.9.14-2
+- Fix for CVE-2022-42919
+Resolves: rhbz#2138705
+
+* Mon Sep 12 2022 Charalampos Stratakis <cstratak@redhat.com> - 3.9.14-1
+- Update to 3.9.14
+- Security fixes for CVE-2020-10735 and CVE-2021-28861
+Resolves: rhbz#1834423, rhbz#2120642
+
 * Tue Jun 14 2022 Charalampos Stratakis <cstratak@redhat.com> - 3.9.13-1
 - Update to 3.9.13
 - Security fix for CVE-2015-20107
diff --git a/sources b/sources
index c02020d..6f91bb6 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-SHA512 (Python-3.9.13.tar.xz) = e9664e7f908092df11236b22465d217531d6f0378e88d889108d19fe77f28f46ffb629b8733f84b41409e255367321893a2b1bd64518930d9d8cae5d1b774d23
+SHA1 (Python-3.9.16.tar.xz) = 19acd6a341e4f2d7ff97c10c2eada258e9898624