diff --git a/SOURCES/xterm-CVE-2021-27135.patch b/SOURCES/xterm-CVE-2021-27135.patch
new file mode 100644
index 0000000..4960840
--- /dev/null
+++ b/SOURCES/xterm-CVE-2021-27135.patch
@@ -0,0 +1,56 @@
+diff --git a/button.c b/button.c
+index ac1f742..4e8554d 100644
+--- a/button.c
++++ b/button.c
+@@ -3802,6 +3802,7 @@ SaltTextAway(XtermWidget xw,
+ TScreen *screen = TScreenOf(xw);
+ int i, j = 0;
+ int eol;
++ size_t have = 0;
+ Char *line;
+ Char *lp;
+ CELL first = *cellc;
+@@ -3827,7 +3828,11 @@ SaltTextAway(XtermWidget xw,
+
+ /* UTF-8 may require more space */
+ if_OPT_WIDE_CHARS(screen, {
+- j *= 4;
++ if (j > 0) {
++ if (screen->max_combining > 0)
++ j += screen->max_combining;
++ j *= 6;
++ }
+ });
+
+ /* now get some memory to save it in */
+@@ -3864,10 +3869,27 @@ SaltTextAway(XtermWidget xw,
+ }
+ *lp = '\0'; /* make sure we have end marked */
+
+- TRACE(("Salted TEXT:%d:%s\n", (int) (lp - line),
+- visibleChars(line, (unsigned) (lp - line))));
++ have = (size_t) (lp - line);
++ /*
++ * Scanning the buffer twice is unnecessary. Discard unwanted memory if
++ * the estimate is too-far off.
++ */
++ if ((have * 2) < (size_t) j) {
++ Char *next;
++ screen->selection_size = have + 1;
++ next = realloc(line, screen->selection_size);
++ if (next == NULL) {
++ free(line);
++ screen->selection_length = 0;
++ screen->selection_size = 0;
++ }
++ screen->selection_data = next;
++ }
++
++ screen->selection_length = have;
+
+- screen->selection_length = (unsigned long) (lp - line);
++ TRACE(("Salted TEXT:%u:%s\n", (unsigned) have,
++ visibleChars(screen->selection_data, (unsigned) have)));
+ }
+
+ #if OPT_PASTE64
diff --git a/SPECS/xterm.spec b/SPECS/xterm.spec
index 5b277cf..73ac35d 100644
--- a/SPECS/xterm.spec
+++ b/SPECS/xterm.spec
@@ -1,7 +1,7 @@
 Summary: Terminal emulator for the X Window System
 Name: xterm
 Version: 331
-Release: 1%{?dist}
+Release: 1%{?dist}.2
 URL: https://invisible-island.net/xterm
 License: MIT
 Group: User Interface/X
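Review bot: In the last button.c hunk of the added patch, the realloc-failure branch zeroes `screen->selection_length` and stores NULL in `screen->selection_data`, but the unconditional `screen->selection_length = have;` right after the block restores the non-zero length, so a NULL buffer ends up paired with a non-zero length for whatever reads the selection later. Setting `have = 0;` inside the `if (next == NULL)` block (or returning from there) would keep pointer, size and length consistent; the TRACE call would then also pass a zero length, though whether visibleChars tolerates a NULL pointer is not visible here. Separately, `j` is an `int` that the middle hunk now grows by `max_combining` and multiplies by 6, so a very large selection could in principle overflow it before the allocation, which lies outside the hunk; a bound check ahead of `j *= 6;` is worth confirming. SaltTextAway begins and ends outside these hunks, so how `j` is computed and how the buffer is allocated could not be checked.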
@@ -17,6 +17,7 @@ Source1: ftp://ftp.invisible-island.net/xterm/16colors.txt Patch1: xterm-resources.patch Patch2: xterm-desktop.patch Patch3: xterm-man-paths.patch +Patch4: xterm-CVE-2021-27135.patch %bcond_with trace @@ -40,6 +41,7 @@ indicate the current size of the window from which the command is run. %patch1 -p1 -b .resources %patch2 -p1 -b .desk %patch3 -p1 -b .man-paths +%patch4 -p1 -b .CVE-2021-27135 for f in THANKS; do iconv -f iso8859-1 -t utf8 -o ${f}{_,} && @@ -101,6 +103,14 @@ install -m644 -p xterm.appdata.xml $RPM_BUILD_ROOT%{_datadir}/appdata %{_mandir}/man1/resize.1* %changelog +* Fri Feb 12 2021 Tomas Korbar - 331-1.2 +- Fix issue found by covcan +- Related: rhbz#1927567 + +* Thu Feb 11 2021 Tomas Korbar - 331-1.1 +- Backport security fix for CVE-2021-27135 +- Resolves: rhbz#1927567 + * Thu Mar 29 2018 Miroslav Lichvar 331-1 - update to 331 - add gcc to build requirements