diff --git a/SOURCES/README.RHEL.Fedora b/SOURCES/README.RHEL.Fedora index a504866..c4f64e0 100644 --- a/SOURCES/README.RHEL.Fedora +++ b/SOURCES/README.RHEL.Fedora @@ -26,9 +26,6 @@ override the daemon check in /etc/sysconfig/sa-update All sa-update channels are defined in files contained in this directory. See the existing config files as examples for writing your own config file. -4) SOUGHT Anti-Fraud Rule Channel is Enabled by Default -http://wiki.apache.org/spamassassin/SoughtRules - General Warnings ================ * DO NOT USE SARE or OpenProtect rules. They are old and outdated, and diff --git a/SOURCES/sought.conf b/SOURCES/sought.conf deleted file mode 100644 index f24d6c9..0000000 --- a/SOURCES/sought.conf +++ /dev/null 
@@ -1,47 +0,0 @@
-# http://wiki.apache.org/spamassassin/SoughtRules
-CHANNELURL=sought.rules.yerp.org
-KEYID=6C6191E3
-# Ignore everything below.
-return 0
-
------BEGIN PGP PUBLIC KEY BLOCK-----
-Version: GnuPG v1.4.1 (GNU/Linux)
-
-mQGiBEa/l+YRBACC+uJfIThEoEWrNxdDD/1tAwb5L8v7H3gGt+LtuOwwn5ZU7XsT
-s1DOok1oZVRnTQJYdlth7QlU9wqijwLEVzW1LDWnxXXKwPmlTlkcdGoBcb+cBbYI
-miJ/TlAetvbprcZdROS4Ey31GjPRmWPPnVE2Xcwy+e4+RmnhqfZBmOaE7wCgo1GG
-pkik2OPD1le4LGGOGHL5HiED/0TyvTiSS3NnUtoDFQAPrnezOCjxv8zMjYEnJs/I
-h7uyIgHRsbB75cD2O1LWyO8Vz8r/snVuG35zcZagPf/7Tc9AJoaxVmCIk9DEmWZp
-iuvqpMhwHAbNvY3jY2oKsDl1rNx0IIctoJwjXia99kvNTHK/Yz/HqhIyLModhiMB
-aYYZA/wIdPOHGHaP5vjlbWBwGlRR9m0Rf4ob5sul8MjCyehOYcRVLwfOEfzX308v
-0enOGnbbBKXU2QvA0Z068aBmJkJaaPhlIjZApQJDsb7pt6k8jMPj/Xpr779wAFQ8
-IZC7Tw21OtqkjrUb3dZlEljrTwWNc6FVxuIidBBg7HCdP24WKLRESnVzdGluIE1h
-c29uIFNpZ25pbmcgS2V5IChDb2RlIFNpZ25pbmcgT25seSkgPHNpZ25pbmdrZXlA
-am1hc29uLm9yZz6IZAQTEQIAJAUCRr+X5gIbAwUJEswDAAYLCQgHAwIDFQIDAxYC
-AQIeAQIXgAAKCRDchTQfbGGR4/GJAKCC6X6AF8nM+H00b/XeZl9vYihXBgCcDYuU
-AtXjWWxndkneakmbnD0O4Z25BA0ERr+YdxAQAIYYUQHMzVsRAzpIRLfni0aeczrr
-armwXMJ8y5p74lVLbJyQOjkQyIJWP80twrN8SjNyUFBr/52SlOPOuAbGZY1ZKpux
-vkbsug2wWvkoj8xGjnexrSDahRgpNhf/otLRNTyUFZTM6mjZt0ItnYDl6xszY4kd
-O5rVzjQuivNB4BsHcd8qQ7zVo9+VZ5R77iM4dtk6t5ycpXlAom5pD8qLb7ZzTVe0
-SuhzOeynF51rwjS+wa3hzZisvJqZA5uJcAyYslgP1UTW+2e5wutSktSZmL/XnlEF
-p86GPjAgDPL2Q0TgzVL6sPt0blNCyzOJrcBqBHrgZfraYgqtmGepLpk72q4VD23c
-aV2wTqjnfJAsNR3y8jgVNwF8LpXtlbxrBByFRwEqsc/gzdMEnJ728XBDqT2IhZLY
-maL/WxiDKNWD/Mae69HTyInIYgrfT7nJKDeKQA81+e5+UmqBVoi5/AICMlDm1DgR
-gG6bbOXGhLVPh+gHjGG4Jdd/ZLedncUsjW9KyK261sqM3tSDSfgnF99w2/32ToFu
-ChN8JOfQ6VZ7QbL1BWRtQWZ3tyauUUXmsrYDv1w1nx51MqxQdlitnmTRWaRW0GmD
-b5XapJfSK+FiGXaynl3HHxHHpcUauX9zBa/LRp8oXiGPLfJEWmjWcGCyGZawASj3
-pTTJUnbkYs0fUyUXAAQND/42mh8f3mTA+24I3lY4K8mxH9GSFgOkLoYwok8xL5Md
-OUJAyvs34ixqvM2u560YJkegEO/xzg2abddfoqL8eNnjfvG3bI7KOCT+m+mM/5Cg
-ul8XFSnHIEivuOXNtc/x/dwYSidKM8atkdpKtv++psd6hVbJQMfLlzf0S2QyiaGk
-yXur/pM3A97lvkjAgvIKQt8NbJ/sITFlrN2TFxcbE8OED7LC4nBo54TJ1AxVsHlT
-LB5XPKU8pBv0fABZrNKxf6a2iXx9jT9sSYdnb0y+hBjnoWZUNbhxo6jpAqt1quUy
-buGWugvG8J75JvT6X+lwEEkg1lplmm+HuaFtegOqTUTKmffKduY+E00le+3Kh8gW
-bLR8P1qp/xnxQxZJYcQ+mT4QsYpj6Pkcj0ON3NQO5wP6dr2UGhGcSzS2Cxv8TERN
-7HSdFbFXQWPCekx+i7OjeRSY/XTUf2zYquPNP2oU0MjgnXhnkHq+6EaQPpM59fMd
-MyLeOiUMOxpPOkeaAC8Ku0Oj2aZU/eyizuBDnhq1PAxBprSW5SSkxP4kz9BnA42x
-tkMKMzzPohdfMIRI6zSu0chr76w2UeoViSsMtmWnR6qAXbQvzR+HHxhhB/Rzp6Gc
-u9gybrv58IBkybn5ztST6NqgIgcQ/E7XIsB0Eooohfw+QiPlCdoghSxspbzwqcEZ
-B4hPBBgRAgAPBQJGv5h3AhsMBQkSzAMAAAoJENyFNB9sYZHjUh0AnA3u5TNYHGLQ
-DXLPP0qWHkTeOz8dAJ4wkrLBTaXz3CPCjoTdoBiQsNt3fw==
-=nK43
------END PGP PUBLIC KEY BLOCK-----
diff --git a/SOURCES/spamassassin-3.4.2-fix-CVE-2019-12420.patch b/SOURCES/spamassassin-3.4.2-fix-CVE-2019-12420.patch
new file mode 100644
index 0000000..4c55b23
--- /dev/null
+++ b/SOURCES/spamassassin-3.4.2-fix-CVE-2019-12420.patch
@@ -0,0 +1,25 @@
+diff -urp Mail-SpamAssassin-3.4.2/lib/Mail/SpamAssassin/Message.pm Mail-SpamAssassin-3.4.2.new/lib/Mail/SpamAssassin/Message.pm
+--- Mail-SpamAssassin-3.4.2/lib/Mail/SpamAssassin/Message.pm 2018-09-14 03:27:51.000000000 +0200
++++ Mail-SpamAssassin-3.4.2.new/lib/Mail/SpamAssassin/Message.pm 2020-04-09 15:17:34.300986337 +0200
+@@ -876,6 +876,7 @@ sub _parse_multipart {
+ my $header;
+ my $part_array;
+ my $found_end_boundary;
++ my $partcnt = 0;
+
+ my $line_count = @{$body};
+ foreach ( @{$body} ) {
+@@ -948,6 +949,13 @@ sub _parse_multipart {
+ }
+ }
+
++ # Maximum parts to process
++ if (++$partcnt == 1000) {
++ dbg("message: mimepart limit exceeded, stopping parsing");
++ $self->{'mimepart_limit_exceeded'} = 1;
++ return;
++ }
++
+ # make sure we start with a new clean node
+ $in_body = 0;
+ $part_msg = Mail::SpamAssassin::Message::Node->new({ normalize=>$self->{normalize} });
diff --git a/SPECS/spamassassin.spec b/SPECS/spamassassin.spec
index aa26a44..be1a3e4 100644
--- a/SPECS/spamassassin.spec
+++ b/SPECS/spamassassin.spec
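Review bot: In the second inner hunk of the Message.pm patch, reaching the 1000-part cap makes `_parse_multipart` `return` after only a `dbg()` line and `$self->{'mimepart_limit_exceeded'} = 1`, and nothing in this patch reads that flag, so unless a consumer exists elsewhere the parts after the cutoff go unparsed with no signal outside debug logging. Because `my $partcnt = 0;` is declared inside the sub, the cap appears to apply per `_parse_multipart` call rather than per message; if the sub is entered again for nested multipart containers, total work is bounded only by whatever limits nesting depth, which is not visible here. I would document this at the check with a comment such as `# CVE-2019-12420: cap parts per multipart container; parts past the cap are not parsed`, and consider `if (++$partcnt >= 1000) {` so the guard still holds if the increment is ever moved. Both inner hunks cut through `_parse_multipart`, whose body starts and ends outside them.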
@@ -60,7 +60,7 @@ Summary: Spam filter for email which can be invoked from mail delivery agents Name: spamassassin Version: 3.4.2 #Release: 0.8.%%{prerev}%%{?dist} -Release: 7%{?dist} +Release: 9%{?dist} License: ASL 2.0 Group: Applications/Internet URL: https://spamassassin.apache.org/ @@ -78,7 +78,6 @@ Source8: sa-update.cronscript Source9: sa-update.force-sysconfig Source10: spamassassin-helper.sh Source11: spamassassin-official.conf -Source12: sought.conf Source13: README.RHEL.Fedora %if %{use_systemd} Source14: spamassassin.service @@ -100,6 +99,7 @@ Patch3: 0001-Drop-the-ResourceLimits-plugin.patch Patch100: spamassassin-3.4.2-fix-use-after-free.patch Patch101: spamassassin-3.4.2-fix-file-handle-leaks.patch Patch102: spamassassin-3.4.2-fix-rawbody-rules-documentation.patch +Patch103: spamassassin-3.4.2-fix-CVE-2019-12420.patch # end of patches @@ -212,6 +212,7 @@ rm -f lib/Mail/SpamAssassin/Plugin/ResourceLimits.pm %patch100 -p1 %patch101 -p1 %patch102 -p1 +%patch103 -p1 # end of patches @@ -295,7 +296,6 @@ mkdir -p $RPM_BUILD_ROOT%{_localstatedir}/lib/spamassassin mkdir -m 0700 $RPM_BUILD_ROOT%{_sysconfdir}/mail/spamassassin/sa-update-keys/ mkdir -m 0755 $RPM_BUILD_ROOT%{_sysconfdir}/mail/spamassassin/channel.d/ install -m 0644 %{SOURCE11} $RPM_BUILD_ROOT%{_sysconfdir}/mail/spamassassin/channel.d/ -install -m 0644 %{SOURCE12} $RPM_BUILD_ROOT%{_sysconfdir}/mail/spamassassin/channel.d/ install -m 0644 %{SOURCE13} $RPM_BUILD_DIR/Mail-SpamAssassin-%{version}/ %if %{razor_deps} @@ -396,6 +396,14 @@ exit 0 %endif %changelog +* Thu Apr 09 2020 Ondřej Lysoněk - 3.4.2-9 +- Fix CVE-2019-12420 +- Resolves: rhbz#1812977 + +* Wed Mar 18 2020 Ondřej Lysoněk - 3.4.2-8 +- Removed the obsolete SOUGHT channel for rule updates +- Resolves: rhbz#1630362 + * Tue Oct 01 2019 Ondřej Lysoněk - 3.4.2-7 - Fix rawbody rules documentation - Resolves: rhbz#1639251