diff --git a/spamassassin-3.4.2-fix-file-handle-leaks.patch b/spamassassin-3.4.2-fix-file-handle-leaks.patch
new file mode 100644
index 0000000..f0fd334
--- /dev/null
+++ b/spamassassin-3.4.2-fix-file-handle-leaks.patch
@@ -0,0 +1,18 @@
+--- a/spamc/spamc.c	2018/10/02 16:54:17	1842644
++++ b/spamc/spamc.c	2018/10/02 17:40:43	1842645
+@@ -616,6 +616,7 @@
+ 	        fprintf(stderr,"Exceeded max line size (%d) in %s\n",
+                         CONFIG_MAX_LINE_SIZE-2, config_file);
+ 	    }
++	    fclose(config);
+ 	    return EX_CONFIG;
+ 	}
+ 
+@@ -629,6 +630,7 @@
+             if (*combo_argc >= COMBO_ARGV_SIZE) {
+ 	        fprintf(stderr,"Exceeded max number of arguments (%d) in %s\n",
+ 	                COMBO_ARGV_SIZE, config_file);
++		fclose(config);
+ 	        return EX_CONFIG;
+             }
+             combo_argv[*combo_argc] = strdup(tok);
diff --git a/spamassassin-3.4.2-fix-use-after-free.patch b/spamassassin-3.4.2-fix-use-after-free.patch
new file mode 100644
index 0000000..8372d18
--- /dev/null
+++ b/spamassassin-3.4.2-fix-use-after-free.patch
@@ -0,0 +1,10 @@
+--- a/spamc/getopt.c	2018/09/20 06:52:49	1841432
++++ b/spamc/getopt.c	2018/09/20 07:18:53	1841433
+@@ -274,7 +274,6 @@
+             } else if(longopts[i].has_arg == optional_argument) {
+                if(((spamc_optind < argc) && (argv[spamc_optind]) && (argv[spamc_optind][0] != '-')) || 
+                      (opt != NULL)) {
+-		  free(opt);
+                   if(opt != NULL) {
+                      spamc_optarg = opt;
+                   } else {
diff --git a/spamassassin.spec b/spamassassin.spec
index 4d4591e..fec888d 100644
--- a/spamassassin.spec
+++ b/spamassassin.spec
@@ -60,7 +60,7 @@ Summary: Spam filter for email which can be invoked from mail delivery agents
 Name: spamassassin
 Version: 3.4.2
 #Release: 0.8.%%{prerev}%%{?dist}
-Release: 7%{?dist}
+Release: 8%{?dist}
 License: ASL 2.0
 URL: https://spamassassin.apache.org/
 Source0: https://www.apache.org/dist/%{name}/source/%{real_name}-%{version}.tar.bz2
@@ -92,6 +92,8 @@ Patch0: spamassassin-3.3.2-gnupg2.patch
 Patch1: spamassassin-3.4.1-add-logfile-homedir-options.patch
 # Patches 100+ are SVN backports (DO NOT REUSE!)
 Patch100: spamassassin-3.4.2-fix-rawbody-rules-documentation.patch
+Patch101: spamassassin-3.4.2-fix-file-handle-leaks.patch
+Patch102: spamassassin-3.4.2-fix-use-after-free.patch
 # end of patches
 Requires: perl(:MODULE_COMPAT_%(eval "`%{__perl} -V:version`"; echo $version))
 %if %{use_systemd} == 0
@@ -212,6 +214,8 @@ To filter spam for all users, add that line to /etc/procmailrc
 %patch1 -p1
 # Patches 100+ are SVN backports (DO NOT REUSE!)
 %patch100 -p1
+%patch101 -p1
+%patch102 -p1
 # end of patches
 
 echo "RHEL=%{?rhel} FEDORA=%{?fedora}"
@@ -391,6 +395,9 @@ exit 0
 %endif
 
 %changelog
+* Tue Oct 01 2019 Ondřej Lysoněk <olysonek@redhat.com> - 3.4.2-8
+- Fix issues found by Coverity Scan
+
 * Tue Oct 01 2019 Ondřej Lysoněk <olysonek@redhat.com> - 3.4.2-7
 - Fix rawbody rules documentation