diff --git a/files/gperf-size_t.patch b/files/gperf-size_t.patch
new file mode 100644
--- /dev/null
+++ b/files/gperf-size_t.patch
@@ -0,0 +1,25 @@
+Index: libid3tag-0.15.1b/frametype.h
+===================================================================
+--- libid3tag-0.15.1b.orig/frametype.h
++++ libid3tag-0.15.1b/frametype.h
+@@ -37,6 +37,6 @@ extern struct id3_frametype const id3_fr
+ extern struct id3_frametype const id3_frametype_obsolete;
+
+ struct id3_frametype const *id3_frametype_lookup(register char const *,
+- register unsigned int);
++ register size_t);
+
+ # endif
+Index: libid3tag-0.15.1b/compat.h
+===================================================================
+--- libid3tag-0.15.1b.orig/compat.h
++++ libid3tag-0.15.1b/compat.h
+@@ -34,7 +34,7 @@ struct id3_compat {
+ };
+
+ struct id3_compat const *id3_compat_lookup(register char const *,
+- register unsigned int);
++ register size_t);
+
+ int id3_compat_fixup(struct id3_tag *);
+
diff --git a/files/security/CVE-2004-2779.patch b/files/security/CVE-2004-2779.patch
new file mode 100644
--- /dev/null
+++ b/files/security/CVE-2004-2779.patch
@@ -0,0 +1,11 @@
+--- utf16.c.old 2005-01-07 12:35:28.622883237 +0100
++++ utf16.c 2005-01-07 12:35:36.603673548 +0100
+@@ -250,6 +250,8 @@
+ id3_ucs4_t *ucs4;
+
+ end = *ptr + (length & ~1);
++ if (end == *ptr)
++ return 0;
+
+ utf16 = malloc((length / 2 + 1) * sizeof(*utf16));
+ if (utf16 == 0)
diff --git a/files/security/CVE-2008-2109.patch b/files/security/CVE-2008-2109.patch
new file mode 100644
--- /dev/null
+++ b/files/security/CVE-2008-2109.patch
@@ -0,0 +1,11 @@
+--- field.c.orig 2008-05-05 09:49:15.000000000 -0400
++++ field.c 2008-05-05 09:49:25.000000000 -0400
+@@ -291,7 +291,7 @@
+
+ end = *ptr + length;
+
+- while (end - *ptr > 0) {
++ while (end - *ptr > 0 && **ptr != '\0') {
+ ucs4 = id3_parse_string(ptr, end - *ptr, *encoding, 0);
+ if (ucs4 == 0)
+ goto fail;
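Review bot: In files/gperf-size_t.patch, the `register size_t` prototypes in frametype.h and compat.h only compile if they match the signature gperf emits for the regenerated lookup functions, and the patch carries no header saying which gperf behaviour it targets. A description line at the top of the patch, e.g. `Description: match the size_t length parameter generated by newer gperf`, would tell the next maintainer why it exists and when it can be dropped. Neither hunk shows these headers including `<stddef.h>`, so `size_t` is presumably already in scope from an earlier include; worth confirming.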
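Review bot: In files/security/CVE-2004-2779.patch, the added `if (end == *ptr) return 0;` returns what is presumably also the allocation-failure value (the `if (utf16 == 0)` path just below, whose body is outside the hunk), so a caller cannot tell a too-short input from out-of-memory. The early return also leaves `*ptr` where it was, so any caller that loops on the remaining length has to treat a null result as terminal. A comment on the new lines would record that, e.g. `/* fewer than two bytes: nothing to decode and *ptr cannot advance; callers must treat 0 as failure */`. The patch file itself has no description or origin header, unlike CVE-2017-11550.patch.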
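Review bot: In files/security/CVE-2008-2109.patch, the new loop condition `**ptr != '\0'` tests a single byte even though the strings are decoded according to `*encoding`. For a two-byte encoding without a byte-order mark (libid3tag's `ID3_FIELD_TEXTENCODING_UTF_16BE`), a valid character below U+0100 starts with a zero byte, so the loop would presumably stop early and drop the remaining list entries. If that trade-off is accepted, say so in a comment such as `/* stop at a leading NUL byte to guarantee termination; may truncate UTF-16BE lists */`; otherwise the guard should depend on the encoding or on whether `id3_parse_string()` advanced `*ptr`. The loop body continues outside the hunk.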
diff --git a/files/security/CVE-2017-11550.patch b/files/security/CVE-2017-11550.patch
new file mode 100644
--- /dev/null
+++ b/files/security/CVE-2017-11550.patch
@@ -0,0 +1,37 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## 11_unknown_encoding.dpatch by Andreas Henriksson
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: In case of an unknown/invalid encoding, id3_parse_string() will
+## DP: return NULL, but the return value wasn't checked resulting
+## DP: in segfault in id3_ucs4_length(). This is the only place
+## DP: the return value wasn't checked.
+
+@DPATCH@
+diff -urNad libid3tag-0.15.1b~/compat.gperf libid3tag-0.15.1b/compat.gperf
+--- libid3tag-0.15.1b~/compat.gperf 2004-01-23 09:41:32.000000000 +0000
++++ libid3tag-0.15.1b/compat.gperf 2007-01-14 14:36:53.000000000 +0000
+@@ -236,6 +236,10 @@
+
+ encoding = id3_parse_uint(&data, 1);
+ string = id3_parse_string(&data, end - data, encoding, 0);
++ if (!string)
++ {
++ continue;
++ }
+
+ if (id3_ucs4_length(string) < 4) {
+ free(string);
+diff -urNad libid3tag-0.15.1b~/parse.c libid3tag-0.15.1b/parse.c
+--- libid3tag-0.15.1b~/parse.c 2004-01-23 09:41:32.000000000 +0000
++++ libid3tag-0.15.1b/parse.c 2007-01-14 14:37:34.000000000 +0000
+@@ -165,6 +165,9 @@
+ case ID3_FIELD_TEXTENCODING_UTF_8:
+ ucs4 = id3_utf8_deserialize(ptr, length);
+ break;
++ default:
++ /* FIXME: Unknown encoding! Print warning? */
++ return NULL;
+ }
+
+ if (ucs4 && !full) {
diff --git a/files/series b/files/series
new file mode 100644
--- /dev/null
+++ b/files/series
@@ -0,0 +1,4 @@
+security/CVE-2004-2779.patch -p0
+security/CVE-2008-2109.patch -p0
+security/CVE-2017-11550.patch
+gperf-size_t.patch
diff --git a/package.yml b/package.yml
--- a/package.yml
+++ b/package.yml
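Review bot: In the parse.c hunk of files/security/CVE-2017-11550.patch, the `default:` branch ships with a FIXME instead of stating the contract the fix relies on. The compat.gperf hunk shows `encoding` coming from `id3_parse_uint(&data, 1)`, i.e. from tag data, and an unrecognised value now yields a null return from what is presumably `id3_parse_string()`. I would replace the FIXME with `/* unknown encoding byte from the tag: fail; callers must check for a null result */`. The description's claim that compat.gperf was the only unchecked caller dates from the original dpatch and is worth re-checking against the callers in this tree. Both enclosing functions start and end outside the hunks.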
@@ -1,14 +1,21 @@
 name : libid3tag
 version : 0.15.1b
-release : 3
+release : 4
 source :
 - ftp://ftp.mars.org/pub/mpeg/libid3tag-0.15.1b.tar.gz : 63da4f6e7997278f8a3fef4c6a372d342f705051d1eeb6a46a86b03610e26151
-license : GPL-2.0
+license : GPL-2.0-only
 component : multimedia.library
 summary : library for id3 tagging
 description: |
 library for id3 tagging
+builddeps :
+ - gperf
 setup : |
+ %apply_patches
+
+ # Force these files to be regenerated from the .gperf sources
+ rm compat.c frametype.c
+
 %configure --disable-static
 build : |
 %make
diff --git a/pspec_x86_64.xml b/pspec_x86_64.xml
--- a/pspec_x86_64.xml
+++ b/pspec_x86_64.xml
@@ -2,10 +2,10 @@ libid3tag - Joshua Strobl - joshua@stroblindustries.com + Pierre-Yves + pyu@riseup.net - GPL-2.0 + GPL-2.0-only multimedia.library library for id3 tagging library for id3 tagging
@@ -29,7 +29,7 @@ programming.devel - libid3tag + libid3tag /usr/include/
@@ -38,12 +38,12 @@ - - 2016-06-16 + + 2018-04-19 0.15.1b Packaging update - Joshua Strobl - joshua@stroblindustries.com + Pierre-Yves + pyu@riseup.net \ No newline at end of file
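Review bot: In the package.yml hunk, the comment above `rm compat.c frametype.c` does not say that this step is what makes one of the security fixes take effect. CVE-2017-11550.patch edits compat.gperf rather than compat.c, so the added null check only reaches the built library if compat.c is regenerated; the tarball presumably ships a pre-generated copy. I would spell that out, e.g. `# compat.c must be rebuilt from the patched compat.gperf (CVE-2017-11550); frametype.c is rebuilt to match the size_t prototypes`. That way a later cleanup of the `rm` line or the gperf builddep is recognised as a security regression.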