diff --git a/SPECS/net-snmp.spec b/SPECS/net-snmp.spec
index f85bdff..01e46f7 100644
--- a/SPECS/net-snmp.spec
+++ b/SPECS/net-snmp.spec
@@ -10,7 +10,7 @@
 Summary:    A collection of SNMP protocol tools and libraries
 Name:       net-snmp
 Version:    5.8
-Release:    17%{?dist}
+Release:    19%{?dist}
 Epoch:      1
 
 License:    BSD
@@ -56,6 +56,11 @@ Patch27:    net-snmp-5.8-ipAddress-faster-load.patch
 Patch28:    net-snmp-5.8-rpm-memory-leak.patch
 Patch29:    net-snmp-5.8-sec-memory-leak.patch
 Patch30:    net-snmp-5.8-aes-config.patch
+Patch31:    net-snmp-5.7.2-CVE-2020-15862.patch
+Patch32:    net-snmp-5.8-bulk.patch
+Patch33:    net-snmp-5.8-clientaddr-error-message.patch
+Patch34:    net-snmp-5.8-ipv6-disabled.patch
+Patch35:    net-snmp-5.8-empty-passphrase.patch
 
 # Modern RPM API means at least EL6
 Patch101:   net-snmp-5.8-modern-rpm-api.patch
@@ -211,6 +216,11 @@ rm -r python
 %patch28 -p1 -b .rpm-memory-leak
 %patch29 -p1 -b .sec-memory-leak
 %patch30 -p1 -b .aes-config
+%patch31 -p1 -b .CVE-2020-15862
+%patch32 -p1 -b .bulk
+%patch33 -p1 -b .clientaddr-error-message
+%patch34 -p1 -b .ipv6-disabled
+%patch35 -p1 -b .empty-passphrase
 
 %patch101 -p1 -b .modern-rpm-api
 
@@ -389,8 +399,8 @@ LD_LIBRARY_PATH=%{buildroot}/%{_libdir} make test
 %doc README.thread AGENT.txt PORTING local/README.mib2c
 %doc IETF-MIB-LICENSE.txt
 %dir %{_sysconfdir}/snmp
-%config(noreplace) %attr(0650,root,root) %{_sysconfdir}/snmp/snmpd.conf
-%config(noreplace) %attr(0650,root,root) %{_sysconfdir}/snmp/snmptrapd.conf
+%config(noreplace) %attr(0600,root,root) %{_sysconfdir}/snmp/snmpd.conf
+%config(noreplace) %attr(0600,root,root) %{_sysconfdir}/snmp/snmptrapd.conf
 %{_bindir}/snmpconf
 %{_bindir}/net-snmp-create-v3-user
 %{_sbindir}/*
@@ -465,6 +475,17 @@ LD_LIBRARY_PATH=%{buildroot}/%{_libdir} make test
 %{_libdir}/libnetsnmptrapd*.so.%{soname}*
 
 %changelog
+* Tue Dec 01 2020 Josef Ridky <jridky@redhat.com> - 1:5.8-19
+- revert permission of config files to 600 (#1601060)
+- fix error message when the address specified by clientaddr option
+  is wrong or cannot be bound (#1877375)
+- log error with /proc/net/if_inet6 only when IPv6 is enabled (#1824367)
+- fix issue with quoting empty passphrase (#1817225)
+
+* Wed Nov 11 2020 Josef Ridky <jridky@redhat.com> - 1:5.8-18
+- fix CVE-2020-15862 (#1875497)
+- fix bulk responses for invalid PID (#1817190)
+
 * Tue Aug 11 2020 Josef Ridky <jridky@redhat.com> - 1:5.8-17
 - add math library in LDFLAGS (#1846252)
 
@@ -524,7 +545,7 @@ LD_LIBRARY_PATH=%{buildroot}/%{_libdir} make test
 
 * Mon Aug 13 2018 Josef Ridky <jridky@redhat.com> - 1:5.8-2
 - fix default configuration file (#1589480 and #1594147)
-- modify permissions for /var/log files (#1601060)
+- modify permissions for config files (#1601060)
 
 * Thu Aug 09 2018 Josef Ridky <jridky@redhat.com> - 1:5.8-1
 - remove python package and update to the last upstream version (#1584510)