diff --git a/CVE-2023-32762-qtbase-5.15.patch b/CVE-2023-32762-qtbase-5.15.patch
new file mode 100644
index 0000000..eec93f0
--- /dev/null
+++ b/CVE-2023-32762-qtbase-5.15.patch
@@ -0,0 +1,13 @@
+--- a/src/network/access/qhsts.cpp
++++ b/src/network/access/qhsts.cpp
+@@ -364,8 +364,8 @@ quoted-pair    = "\" CHAR
+ bool QHstsHeaderParser::parse(const QList<QPair<QByteArray, QByteArray>> &headers)
+ {
+     for (const auto &h : headers) {
+-        // We use '==' since header name was already 'trimmed' for us:
+-        if (h.first == "Strict-Transport-Security") {
++        // We compare directly because header name was already 'trimmed' for us:
++        if (h.first.compare("Strict-Transport-Security", Qt::CaseInsensitive) == 0) {
+             header = h.second;
+             // RFC6797, 8.1:
+             //
diff --git a/CVE-2023-32763-qtbase-5.15.patch b/CVE-2023-32763-qtbase-5.15.patch
new file mode 100644
index 0000000..9685620
--- /dev/null
+++ b/CVE-2023-32763-qtbase-5.15.patch
@@ -0,0 +1,49 @@
+diff --git a/src/gui/painting/qfixed_p.h b/src/gui/painting/qfixed_p.h
+index 84659288..57d750a4 100644
+--- a/src/gui/painting/qfixed_p.h
++++ b/src/gui/painting/qfixed_p.h
+@@ -54,6 +54,7 @@
+ #include <QtGui/private/qtguiglobal_p.h>
+ #include "QtCore/qdebug.h"
+ #include "QtCore/qpoint.h"
++#include <QtCore/private/qnumeric_p.h>
+ #include "QtCore/qsize.h"
+ 
+ QT_BEGIN_NAMESPACE
+@@ -182,6 +183,14 @@ Q_DECL_CONSTEXPR inline bool operator<(int i, const QFixed &f) { return i * 64 <
+ Q_DECL_CONSTEXPR inline bool operator>(const QFixed &f, int i) { return f.value() > i * 64; }
+ Q_DECL_CONSTEXPR inline bool operator>(int i, const QFixed &f) { return i * 64 > f.value(); }
+ 
++inline bool qAddOverflow(QFixed v1, QFixed v2, QFixed *r)
++{
++    int val;
++    bool result = add_overflow(v1.value(), v2.value(), &val);
++    r->setValue(val);
++    return result;
++}
++
+ #ifndef QT_NO_DEBUG_STREAM
+ inline QDebug &operator<<(QDebug &dbg, const QFixed &f)
+ { return dbg << f.toReal(); }
+diff --git a/src/gui/text/qtextlayout.cpp b/src/gui/text/qtextlayout.cpp
+index 26ac37b0..f6c69ff4 100644
+--- a/src/gui/text/qtextlayout.cpp
++++ b/src/gui/text/qtextlayout.cpp
+@@ -2150,11 +2150,14 @@ found:
+         eng->maxWidth = qMax(eng->maxWidth, line.textWidth);
+     } else {
+         eng->minWidth = qMax(eng->minWidth, lbh.minw);
+-        eng->maxWidth += line.textWidth;
++        if (qAddOverflow(eng->maxWidth, line.textWidth, &eng->maxWidth))
++            eng->maxWidth = QFIXED_MAX;
+     }
+ 
+-    if (line.textWidth > 0 && item < eng->layoutData->items.size())
+-        eng->maxWidth += lbh.spaceData.textWidth;
++    if (line.textWidth > 0 && item < eng->layoutData->items.size()) {
++        if (qAddOverflow(eng->maxWidth, lbh.spaceData.textWidth, &eng->maxWidth))
++            eng->maxWidth = QFIXED_MAX;
++    }
+ 
+     line.textWidth += trailingSpace;
+     if (lbh.spaceData.length) {
diff --git a/qt5-qtbase.spec b/qt5-qtbase.spec
index 8a58e59..5bc1df5 100644
--- a/qt5-qtbase.spec
+++ b/qt5-qtbase.spec
@@ -57,7 +57,7 @@
 Name:    qt5-qtbase
 Summary: Qt5 - QtBase components
 Version: 5.15.9
-Release: 2%{?dist}
+Release: 3%{?dist}
 
 # See LGPL_EXCEPTIONS.txt, for exception details
 License: LGPL-3.0-only OR GPL-3.0-only WITH Qt-GPL-exception-1.0
@@ -151,6 +151,9 @@ Patch103: qtbase-QTBUG-112136.patch
 # IBus input method cannot set panel position correctly with DPI scaling
 # https://bugreports.qt.io/browse/QTBUG-103393
 Patch104: qtbase-QTBUG-103393.patch
+Patch105: CVE-2023-32762-qtbase-5.15.patch
+Patch106: CVE-2023-32763-qtbase-5.15.patch
+
 
 # Do not check any files in %%{_qt5_plugindir}/platformthemes/ for requires.
 # Those themes are there for platform integration. If the required libraries are
@@ -429,6 +432,7 @@ Qt5 libraries used for drawing widgets and OpenGL items.
 %patch -P102 -p1
 %patch -P103 -p1
 %patch -P104 -p1
+%patch -P105 -p1
 
 # move some bundled libs to ensure they're not accidentally used
 pushd src/3rdparty
@@ -1108,6 +1112,9 @@ fi
 
 
 %changelog
+* Mon May 15 2023 Jan Grulich <jgrulich@redhat.com> - 5.15.9-3
+- Fix CVE-2023-32762 and CVE-2023-32763
+
 * Fri May 05 2023 Than Ngo <than@redhat.com> - 5.15.9-2
 - backport, IBus input method cannot set panel position correctly with DPI scaling
 
diff --git a/qtbase-QTBUG-89977.patch b/qtbase-QTBUG-89977.patch
deleted file mode 100644
index cfaac11..0000000
--- a/qtbase-QTBUG-89977.patch
+++ /dev/null
@@ -1,11 +0,0 @@
-diff -up qtbase-everywhere-src-5.15.2/src/corelib/text/qbytearray.h.foo qtbase-everywhere-src-5.15.2/src/corelib/text/qbytearray.h
---- qtbase-everywhere-src-5.15.2/src/corelib/text/qbytearray.h.foo	2020-10-27 03:02:11.000000000 -0500
-+++ qtbase-everywhere-src-5.15.2/src/corelib/text/qbytearray.h	2021-02-06 17:05:04.879201352 -0600
-@@ -51,6 +49,7 @@
- 
- #include <string>
- #include <iterator>
-+#include <limits>
- 
- #ifdef truncate
- #error qbytearray.h must be included before any header file that defines truncate
diff --git a/qtbase-QTBUG-90395.patch b/qtbase-QTBUG-90395.patch
deleted file mode 100644
index cc4bb6e..0000000
--- a/qtbase-QTBUG-90395.patch
+++ /dev/null
@@ -1,23 +0,0 @@
-diff -up qtbase-everywhere-src-5.15.2/src/corelib/global/qendian.h.QTBUG-90395 qtbase-everywhere-src-5.15.2/src/corelib/global/qendian.h
---- qtbase-everywhere-src-5.15.2/src/corelib/global/qendian.h.QTBUG-90395	2020-10-27 03:02:11.000000000 -0500
-+++ qtbase-everywhere-src-5.15.2/src/corelib/global/qendian.h	2021-02-06 16:36:27.072105717 -0600
-@@ -44,6 +44,8 @@
- #include <QtCore/qfloat16.h>
- #include <QtCore/qglobal.h>
- 
-+#include <limits>
-+
- // include stdlib.h and hope that it defines __GLIBC__ for glibc-based systems
- #include <stdlib.h>
- #include <string.h>
-diff -up qtbase-everywhere-src-5.15.2/src/corelib/global/qfloat16.h.QTBUG-90395 qtbase-everywhere-src-5.15.2/src/corelib/global/qfloat16.h
---- qtbase-everywhere-src-5.15.2/src/corelib/global/qfloat16.h.QTBUG-90395	2021-02-06 16:36:27.074105730 -0600
-+++ qtbase-everywhere-src-5.15.2/src/corelib/global/qfloat16.h	2021-02-06 16:37:19.212440114 -0600
-@@ -43,6 +43,7 @@
- 
- #include <QtCore/qglobal.h>
- #include <QtCore/qmetatype.h>
-+#include <limits>
- #include <string.h>
- 
- #if defined(QT_COMPILER_SUPPORTS_F16C) && defined(__AVX2__) && !defined(__F16C__)
diff --git a/qtbase-QTBUG-91909.patch b/qtbase-QTBUG-91909.patch
deleted file mode 100644
index 32cd8a4..0000000
--- a/qtbase-QTBUG-91909.patch
+++ /dev/null
@@ -1,31 +0,0 @@
-From 659f7a06e91c04b239e3f4c0bcfccbe3581af1c3 Mon Sep 17 00:00:00 2001
-From: Sona Kurazyan <sona.kurazyan@qt.io>
-Date: Wed, 17 Mar 2021 16:04:00 +0100
-Subject: [PATCH] Remove the unnecessary template parameter from the class specialization
-
-This seems to cause errors when compiling with gcc-11. Although this is
-most likely a compiler bug, specifiying the template parameter type in
-this case isn't necessary.
-
-Fixes: QTBUG-91909
-Fixes: QTBUG-90568
-Pick-to: 6.0 6.1 5.15
-Change-Id: Ib231257ccb2e16cc533f23ca5840d31e26a66d53
-Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
----
-
-diff --git a/src/concurrent/qtconcurrentthreadengine.h b/src/concurrent/qtconcurrentthreadengine.h
-index cbd8ad04..4cd5b85 100644
---- a/src/concurrent/qtconcurrentthreadengine.h
-+++ b/src/concurrent/qtconcurrentthreadengine.h
-@@ -256,8 +256,8 @@
- class ThreadEngineStarter<void> : public ThreadEngineStarterBase<void>
- {
- public:
--    ThreadEngineStarter<void>(ThreadEngine<void> *_threadEngine)
--    :ThreadEngineStarterBase<void>(_threadEngine) {}
-+    ThreadEngineStarter(ThreadEngine<void> *_threadEngine)
-+        : ThreadEngineStarterBase<void>(_threadEngine) {}
- 
-     void startBlocking()
-     {
diff --git a/qtbase-emit-qscreen-geometry-changed-when-logical-dpi-changes.patch b/qtbase-emit-qscreen-geometry-changed-when-logical-dpi-changes.patch
deleted file mode 100644
index 0b9d6d3..0000000
--- a/qtbase-emit-qscreen-geometry-changed-when-logical-dpi-changes.patch
+++ /dev/null
@@ -1,56 +0,0 @@
-diff --git a/src/gui/kernel/qguiapplication.cpp b/src/gui/kernel/qguiapplication.cpp
-index d294cc38..dd31e31c 100644
---- a/src/gui/kernel/qguiapplication.cpp
-+++ b/src/gui/kernel/qguiapplication.cpp
-@@ -3155,13 +3155,14 @@ void QGuiApplicationPrivate::processScreenGeometryChange(QWindowSystemInterfaceP
-     bool availableGeometryChanged = e->availableGeometry != s->d_func()->availableGeometry;
-     s->d_func()->availableGeometry = e->availableGeometry;
- 
--    if (geometryChanged) {
--        Qt::ScreenOrientation primaryOrientation = s->primaryOrientation();
-+    const Qt::ScreenOrientation primaryOrientation = s->primaryOrientation();
-+    if (geometryChanged)
-         s->d_func()->updatePrimaryOrientation();
- 
--        emit s->geometryChanged(s->geometry());
-+    s->d_func()->emitGeometryChangeSignals(geometryChanged, availableGeometryChanged);
-+
-+    if (geometryChanged) {
-         emit s->physicalSizeChanged(s->physicalSize());
--        emit s->physicalDotsPerInchChanged(s->physicalDotsPerInch());
-         emit s->logicalDotsPerInchChanged(s->logicalDotsPerInch());
- 
-         if (s->primaryOrientation() != primaryOrientation)
-@@ -3171,8 +3172,6 @@ void QGuiApplicationPrivate::processScreenGeometryChange(QWindowSystemInterfaceP
-             updateFilteredScreenOrientation(s);
-     }
- 
--    s->d_func()->emitGeometryChangeSignals(geometryChanged, availableGeometryChanged);
--
-     resetCachedDevicePixelRatio();
- }
- 
-diff --git a/src/gui/kernel/qscreen.cpp b/src/gui/kernel/qscreen.cpp
-index df628fcc..a1afc1ba 100644
---- a/src/gui/kernel/qscreen.cpp
-+++ b/src/gui/kernel/qscreen.cpp
-@@ -88,6 +88,9 @@ void QScreenPrivate::updateGeometriesWithSignals()
- void QScreenPrivate::emitGeometryChangeSignals(bool geometryChanged, bool availableGeometryChanged)
- {
-     Q_Q(QScreen);
-+    if (geometryChanged)
-+        emit q->geometryChanged(geometry);
-+
-     if (availableGeometryChanged)
-         emit q->availableGeometryChanged(availableGeometry);
- 
-@@ -96,6 +99,9 @@ void QScreenPrivate::emitGeometryChangeSignals(bool geometryChanged, bool availa
-         for (QScreen* sibling : siblings)
-             emit sibling->virtualGeometryChanged(sibling->virtualGeometry());
-     }
-+
-+    if (geometryChanged)
-+        emit q->physicalDotsPerInchChanged(q->physicalDotsPerInch());
- }
- 
- void QScreenPrivate::setPlatformScreen(QPlatformScreen *screen)
diff --git a/qtbase-filechooser-portal-send-window-id-in-hex.patch b/qtbase-filechooser-portal-send-window-id-in-hex.patch
deleted file mode 100644
index 4203036..0000000
--- a/qtbase-filechooser-portal-send-window-id-in-hex.patch
+++ /dev/null
@@ -1,26 +0,0 @@
-From acaabc9108dfe75530960cf8e3ec4f3602cd82e0 Mon Sep 17 00:00:00 2001
-From: Jan Grulich <jgrulich@redhat.com>
-Date: Mon, 08 Mar 2021 12:29:21 +0100
-Subject: [PATCH] FileChooser portal: send window id in hex
-
-We send window id in decimal, however, it is expected to be send in hex.
-This causes a mismatch and makes portal dialog to show in background.
-
-Pick-to: 5.15 6.0 6.1
-Change-Id: Ibd77199bbb4a2ad4782a0457ddc5506c6b5608fe
-Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
----
-
-diff --git a/src/plugins/platformthemes/xdgdesktopportal/qxdgdesktopportalfiledialog.cpp b/src/plugins/platformthemes/xdgdesktopportal/qxdgdesktopportalfiledialog.cpp
-index ec153f6..85bdd1a 100644
---- a/src/plugins/platformthemes/xdgdesktopportal/qxdgdesktopportalfiledialog.cpp
-+++ b/src/plugins/platformthemes/xdgdesktopportal/qxdgdesktopportalfiledialog.cpp
-@@ -185,7 +185,7 @@
-                                                           QLatin1String("/org/freedesktop/portal/desktop"),
-                                                           QLatin1String("org.freedesktop.portal.FileChooser"),
-                                                           d->saveFile ? QLatin1String("SaveFile") : QLatin1String("OpenFile"));
--    QString parentWindowId = QLatin1String("x11:") + QString::number(d->winId);
-+    QString parentWindowId = QLatin1String("x11:") + QString::number(d->winId, 16);
- 
-     QVariantMap options;
-     if (!d->acceptLabel.isEmpty())