diff --git a/python-2.5-tkinter.patch b/python-2.5-tkinter.patch
new file mode 100644
index 0000000..f040ca1
--- /dev/null
+++ b/python-2.5-tkinter.patch
@@ -0,0 +1,11 @@
+--- Python-2.5-orig/Modules/_tkinter.c	2006-08-11 22:33:36.000000000 -0400
++++ Python-2.5/Modules/_tkinter.c	2007-10-19 01:04:42.000000000 -0400
+@@ -938,7 +938,7 @@
+ #if defined(Py_UNICODE_WIDE) && TCL_UTF_MAX == 3
+ 		Tcl_UniChar *outbuf;
+ 		Py_ssize_t i;
+-		assert(size < size * sizeof(Tcl_UniChar));
++		assert(size == 0 || size < size * sizeof(Tcl_UniChar));
+ 		outbuf = (Tcl_UniChar*)ckalloc(size * sizeof(Tcl_UniChar));
+ 		if (!outbuf) {
+ 			PyErr_NoMemory();
diff --git a/python-2.5.CVE-2007-4965-int-overflow.patch b/python-2.5.CVE-2007-4965-int-overflow.patch
new file mode 100644
index 0000000..ad26707
--- /dev/null
+++ b/python-2.5.CVE-2007-4965-int-overflow.patch
@@ -0,0 +1,221 @@
+diff -ru Python-2.5-orig/Modules/imageop.c Python-2.5/Modules/imageop.c
+--- Python-2.5-orig/Modules/imageop.c	2006-01-19 01:09:39.000000000 -0500
++++ Python-2.5/Modules/imageop.c	2007-10-19 01:11:33.000000000 -0400
+@@ -78,7 +78,7 @@
+ 	char *cp, *ncp;
+ 	short *nsp;
+ 	Py_Int32 *nlp;
+-	int len, size, x, y, newx1, newx2, newy1, newy2;
++	int len, size, x, y, newx1, newx2, newy1, newy2, nlen;
+ 	int ix, iy, xstep, ystep;
+ 	PyObject *rv;
+ 
+@@ -90,13 +90,19 @@
+ 		PyErr_SetString(ImageopError, "Size should be 1, 2 or 4");
+ 		return 0;
+ 	}
+-	if ( len != size*x*y ) {
++	if (( len != size*x*y ) ||
++            ( size != ((len / x) / y) )) {
+ 		PyErr_SetString(ImageopError, "String has incorrect length");
+ 		return 0;
+ 	}
+ 	xstep = (newx1 < newx2)? 1 : -1;
+ 	ystep = (newy1 < newy2)? 1 : -1;
+     
++        nlen = (abs(newx2-newx1)+1)*(abs(newy2-newy1)+1)*size;
++        if ( size != ((nlen / (abs(newx2-newx1)+1)) / (abs(newy2-newy1)+1)) ) {
++		PyErr_SetString(ImageopError, "String has incorrect length");
++		return 0;
++	}
+ 	rv = PyString_FromStringAndSize(NULL,
+ 			     (abs(newx2-newx1)+1)*(abs(newy2-newy1)+1)*size);
+ 	if ( rv == 0 )
+@@ -132,7 +138,7 @@
+ 	char *cp, *ncp;
+ 	short *nsp;
+ 	Py_Int32 *nlp;
+-	int len, size, x, y, newx, newy;
++	int len, size, x, y, newx, newy, nlen;
+ 	int ix, iy;
+ 	int oix, oiy;
+ 	PyObject *rv;
+@@ -145,12 +151,18 @@
+ 		PyErr_SetString(ImageopError, "Size should be 1, 2 or 4");
+ 		return 0;
+ 	}
+-	if ( len != size*x*y ) {
++	if ( ( len != size*x*y ) ||
++             ( size != ((len / x) / y) ) ) {
++		PyErr_SetString(ImageopError, "String has incorrect length");
++		return 0;
++	}
++        nlen = newx*newy*size;
++	if ( size != ((nlen / newx) / newy) ) {
+ 		PyErr_SetString(ImageopError, "String has incorrect length");
+ 		return 0;
+ 	}
+     
+-	rv = PyString_FromStringAndSize(NULL, newx*newy*size);
++	rv = PyString_FromStringAndSize(NULL, nlen);
+ 	if ( rv == 0 )
+ 		return 0;
+ 	ncp = (char *)PyString_AsString(rv);
+@@ -190,7 +202,8 @@
+ 		PyErr_SetString(ImageopError, "Size should be 1 or 4");
+ 		return 0;
+ 	}
+-	if ( maxx*maxy*width != len ) {
++	if ( ( maxx*maxy*width != len ) ||
++             ( maxx != ((len / maxy) / width) ) ) {
+ 		PyErr_SetString(ImageopError, "String has incorrect length");
+ 		return 0;
+ 	}
+@@ -240,7 +253,8 @@
+ 	if ( !PyArg_ParseTuple(args, "s#iii", &cp, &len, &x, &y, &tres) )
+ 		return 0;
+ 
+-	if ( x*y != len ) {
++	if ( ( x*y != len ) ||
++             ( x != len / y ) ) {
+ 		PyErr_SetString(ImageopError, "String has incorrect length");
+ 		return 0;
+ 	}
+@@ -281,7 +295,8 @@
+ 	if ( !PyArg_ParseTuple(args, "s#ii", &cp, &len, &x, &y) )
+ 		return 0;
+ 
+-	if ( x*y != len ) {
++	if ( ( x*y != len ) ||
++             ( x != len / y ) ) {
+ 		PyErr_SetString(ImageopError, "String has incorrect length");
+ 		return 0;
+ 	}
+@@ -320,7 +335,8 @@
+ 	if ( !PyArg_ParseTuple(args, "s#ii", &cp, &len, &x, &y) )
+ 		return 0;
+ 
+-	if ( x*y != len ) {
++	if ( ( x*y != len ) ||
++             ( x != len / y ) ) {
+ 		PyErr_SetString(ImageopError, "String has incorrect length");
+ 		return 0;
+ 	}
+@@ -358,7 +374,8 @@
+ 	if ( !PyArg_ParseTuple(args, "s#ii", &cp, &len, &x, &y) )
+ 		return 0;
+ 
+-	if ( x*y != len ) {
++	if ( ( x*y != len ) ||
++             ( x != len / y ) ) {
+ 		PyErr_SetString(ImageopError, "String has incorrect length");
+ 		return 0;
+ 	}
+@@ -404,7 +421,8 @@
+ 	if ( !PyArg_ParseTuple(args, "s#ii", &cp, &len, &x, &y) )
+ 		return 0;
+ 
+-	if ( x*y != len ) {
++	if ( ( x*y != len ) ||
++             ( x != len / y ) ) {
+ 		PyErr_SetString(ImageopError, "String has incorrect length");
+ 		return 0;
+ 	}
+@@ -443,7 +461,11 @@
+ 	if ( !PyArg_ParseTuple(args, "s#iiii", &cp, &len, &x, &y, &v0, &v1) )
+ 		return 0;
+ 
+-	nlen = x*y;
++        nlen = x*y;
++	if ( x != (nlen / y) ) {
++		PyErr_SetString(ImageopError, "String has incorrect length");
++		return 0;
++	}
+ 	if ( (nlen+7)/8 != len ) {
+ 		PyErr_SetString(ImageopError, "String has incorrect length");
+ 		return 0;
+@@ -481,6 +503,10 @@
+ 		return 0;
+ 
+ 	nlen = x*y;
++	if ( x != (nlen / y) ) {
++		PyErr_SetString(ImageopError, "String has incorrect length");
++		return 0;
++	}
+ 	if ( (nlen+3)/4 != len ) {
+ 		PyErr_SetString(ImageopError, "String has incorrect length");
+ 		return 0;
+@@ -517,6 +543,10 @@
+ 		return 0;
+ 
+ 	nlen = x*y;
++	if ( x != (nlen / y) ) {
++		PyErr_SetString(ImageopError, "String has incorrect length");
++		return 0;
++	}
+ 	if ( (nlen+1)/2 != len ) {
+ 		PyErr_SetString(ImageopError, "String has incorrect length");
+ 		return 0;
+@@ -554,6 +584,10 @@
+ 		return 0;
+ 
+ 	nlen = x*y;
++	if ( x != (nlen / y) ) {
++		PyErr_SetString(ImageopError, "String has incorrect length");
++		return 0;
++	}
+ 	if ( nlen*4 != len ) {
+ 		PyErr_SetString(ImageopError, "String has incorrect length");
+ 		return 0;
+@@ -598,6 +632,10 @@
+ 		return 0;
+ 
+ 	nlen = x*y;
++	if ( x != (nlen / y) ) {
++		PyErr_SetString(ImageopError, "String has incorrect length");
++		return 0;
++	}
+ 	if ( nlen != len ) {
+ 		PyErr_SetString(ImageopError, "String has incorrect length");
+ 		return 0;
+@@ -648,6 +686,10 @@
+ 		return 0;
+ 
+ 	nlen = x*y;
++	if ( x != (nlen / y) ) {
++		PyErr_SetString(ImageopError, "String has incorrect length");
++		return 0;
++	}
+ 	if ( nlen*4 != len ) {
+ 		PyErr_SetString(ImageopError, "String has incorrect length");
+ 		return 0;
+@@ -693,6 +735,10 @@
+ 		return 0;
+ 
+ 	nlen = x*y;
++	if ( x != (nlen / y) ) {
++		PyErr_SetString(ImageopError, "String has incorrect length");
++		return 0;
++	}
+ 	if ( nlen != len ) {
+ 		PyErr_SetString(ImageopError, "String has incorrect length");
+ 		return 0;
+Only in Python-2.5/Modules: imageop.c~
+Only in Python-2.5/Modules: imageop.c.cve2007-4965
+diff -ru Python-2.5-orig/Modules/rgbimgmodule.c Python-2.5/Modules/rgbimgmodule.c
+--- Python-2.5-orig/Modules/rgbimgmodule.c	2006-08-11 23:18:50.000000000 -0400
++++ Python-2.5/Modules/rgbimgmodule.c	2007-10-19 01:05:44.000000000 -0400
+@@ -299,6 +299,11 @@
+ 	xsize = image.xsize;
+ 	ysize = image.ysize;
+ 	zsize = image.zsize;
++	tablen = xsize * ysize * zsize * sizeof(Py_Int32);
++        if (xsize != (((tablen / ysize) / zsize) / sizeof(Py_Int32))) {
++		PyErr_NoMemory();
++		goto finally;
++        }
+ 	if (rle) {
+ 		tablen = ysize * zsize * sizeof(Py_Int32);
+ 		starttab = (Py_Int32 *)malloc(tablen);
+Only in Python-2.5/Modules: rgbimgmodule.c.cve2007-4965
+Only in Python-2.5/Modules: _tkinter.c.tkinter
diff --git a/python.spec b/python.spec
index 17442c0..077d849 100644
--- a/python.spec
+++ b/python.spec
@@ -21,7 +21,7 @@ Summary: An interpreted, interactive, object-oriented programming language.
 Name: %{python}
 #Version: %{pybasever}.3
 Version: 2.5
-Release: 13%{?dist}
+Release: 14%{?dist}
 License: Python Software Foundation License v2 
 Group: Development/Languages
 Provides: python-abi = %{pybasever}
@@ -37,6 +37,7 @@ Patch5: python-2.5-cflags.patch
 Patch6: python-db45.patch
 Patch7: python-ctypes-execstack.patch
 Patch8: python-2.5-xmlrpclib-marshal-objects.patch
+Patch9: python-2.5-tkinter.patch
 
 # upstreamed
 Patch25: python-syslog-fail-noatexittb.patch
@@ -49,6 +50,8 @@ Patch50: python-2.5-disable-egginfo.patch
 Patch101: python-2.3.4-lib64-regex.patch
 Patch102: python-2.5-lib64.patch
 
+Patch999: python-2.5.CVE-2007-4965-int-overflow.patch
+
 %if %{main_python}
 Obsoletes: Distutils
 Provides: Distutils
@@ -93,6 +96,8 @@ package.
 Summary: The libraries for python runtime
 Group: Applications/System
 Requires: %{python} = %{version}-%{release}
+# Needed for ctypes, to load libraries
+Requires: binutils
 
 %description libs
 The python interpreter can be embedded into applications wanting to 
@@ -176,11 +181,15 @@ user interface for Python programming.
 %patch102 -p1 -b .lib64
 %endif
 
+%patch9 -p1 -b .tkinter
+
 %ifarch alpha ia64
 # 64bit, but not lib64 arches need this too...
 %patch101 -p1 -b .lib64-regex
 %endif
 
+%patch999 -p1 -b .cve2007-4965
+
 # This shouldn't be necesarry, but is right now (2.2a3)
 find -name "*~" |xargs rm -f
 
@@ -423,6 +432,14 @@ rm -fr $RPM_BUILD_ROOT
 %{_libdir}/python%{pybasever}/lib-dynload/_tkinter.so
 
 %changelog
+* Fri Oct 19 2007 James Antill <jantill@redhat.com> - 2.5.3-14
+- Add tkinter patch
+- Resolves: #281751
+- Fix ctypes loading of libraries, add requires on binutils
+- Resolves: #307221
+- Possible fix for CVE-2007-4965 possible exploitable integer overflow
+- Resolves: #295971
+
 * Tue Oct 18 2007 Mike Bonnet <mikeb@redhat.com> - 2.5.3-13
 - fix marshalling of objects in xmlrpclib (python bug #1739842)