diff --git a/.gitignore b/.gitignore
index 526d8f0..ac57aeb 100644
--- a/.gitignore
+++ b/.gitignore
@@ -6,3 +6,5 @@ mantisbt-1.1.8.tar.gz
 /mantisbt-1.2.14.tar.gz
 /mantisbt-1.2.15.tar.gz
 /mantisbt-1.2.17.tar.gz
+/mantisbt-1.2.18.tar.gz
+/mantisbt-1.2.19.tar.gz
diff --git a/mantis-1.2.12-install_no_write_config.patch b/mantis-1.2.12-install_no_write_config.patch
deleted file mode 100644
index db2e000..0000000
--- a/mantis-1.2.12-install_no_write_config.patch
+++ /dev/null
@@ -1,141 +0,0 @@
-diff -u -aur mantisbt-1.2.12.orig/admin/install.php mantisbt-1.2.12/admin/install.php
---- mantisbt-1.2.12.orig/admin/install.php	2012-11-12 00:10:40.000000000 +0100
-+++ mantisbt-1.2.12/admin/install.php	2012-11-15 00:24:29.567983203 +0100
-@@ -412,10 +412,18 @@
- <?php if( !$g_database_upgrade ) {?>
- <tr>
- 	<td>
-+		<div style="background-color: #FCC; padding: 5px; border: 1px solid red;">
-+		To change any of the disabled options below, edit /etc/mantis/config_inc.php and reload this page!
-+		</div>
-+	</td>
-+</tr>
-+
-+<tr>
-+	<td>
- 		Type of Database
- 	</td>
- 	<td>
--		<select name="db_type">
-+		<select disabled="true" name="db_type">
- 		<?php
- 			// Build selection list of available DB types
- 			$t_db_list = array(
-@@ -451,7 +459,7 @@
- 		Hostname (for Database Server)
- 	</td>
- 	<td>
--		<input name="hostname" type="textbox" value="<?php echo $f_hostname?>"></input>
-+		<input name="hostname" type="textbox" disabled="disabled" value="<?php echo $f_hostname?>"></input>
- 	</td>
- </tr>
- <?php
-@@ -463,7 +471,7 @@
- 		Username (for Database)
- 	</td>
- 	<td>
--		<input name="db_username" type="textbox" value="<?php echo $f_db_username?>"></input>
-+		<input name="db_username" type="textbox" disabled="disabled" value="<?php echo $f_db_username?>"></input>
- 	</td>
- </tr>
- <?php
-@@ -475,7 +483,7 @@
- 		Password (for Database)
- 	</td>
- 	<td>
--		<input name="db_password" type="password" value="<?php echo( !is_blank( $f_db_password ) ? CONFIGURED_PASSWORD : "" )?>"></input>
-+		<input name="db_password" type="password" disabled="disabled" value="<?php echo( !is_blank( $f_db_password ) ? CONFIGURED_PASSWORD : "" )?>"></input>
- 	</td>
- </tr>
- <?php
-@@ -487,7 +495,7 @@
- 		Database name (for Database)
- 	</td>
- 	<td>
--		<input name="database_name" type="textbox" value="<?php echo $f_database_name?>"></input>
-+		<input name="database_name" type="textbox" disabled="disabled" value="<?php echo $f_database_name?>"></input>
- 	</td>
- </tr>
- <?php
-@@ -780,79 +788,9 @@
- if( 5 == $t_install_state ) {
- 	$t_config_filename = $g_absolute_path . 'config_inc.php';
- 	$t_config_exists = file_exists( $t_config_filename );
--	?>
--<table width="100%" border="0" cellpadding="10" cellspacing="1">
--<tr>
--	<td bgcolor="#e8e8e8" colspan="2">
--		<span class="title">Write Configuration File(s)</span>
--	</td>
--</tr>
--
--<tr>
--	<td bgcolor="#ffffff">
--		<?php
--			if( !$t_config_exists ) {
--		echo 'Creating Configuration File (config_inc.php)<br />';
--		echo '<font color="red">(if this file is not created, create it manually with the contents below)</font>';
--	} else {
--		echo 'Updating Configuration File (config_inc.php)<br />';
--	}
--	?>
--	</td>
--	<?php
--		$t_config = '<?php' . "\r\n";
--	$t_config .= "\t\$g_hostname = '$f_hostname';\r\n";
--	$t_config .= "\t\$g_db_type = '$f_db_type';\r\n";
--	$t_config .= "\t\$g_database_name = '$f_database_name';\r\n";
--	$t_config .= "\t\$g_db_username = '$f_db_username';\r\n";
--	$t_config .= "\t\$g_db_password = '$f_db_password';\r\n";
- 
--	if( $f_db_type == 'db2' ) {
--		$t_config .= "\t\$g_db_schema = '$f_db_schema';\r\n";
--	}
--
--	$t_config .= '?>' . "\r\n";
--	$t_write_failed = true;
--
--	if( !$t_config_exists ) {
--		if( $fd = @fopen( $t_config_filename, 'w' ) ) {
--			fwrite( $fd, $t_config );
--			fclose( $fd );
--		}
--
--		if( file_exists( $t_config_filename ) ) {
--			print_test_result( GOOD );
--			$t_write_failed = false;
--		} else {
--			print_test_result( BAD, false, 'cannot write ' . $t_config_filename );
--		}
--	} else {
--		# already exists, see if the information is the same
--		if ( ( $f_hostname != config_get( 'hostname', '' ) ) ||
--			( $f_db_type != config_get( 'db_type', '' ) ) ||
--			( $f_database_name != config_get( 'database_name', '') ) ||
--			( $f_db_schema != config_get( 'db_schema', '') ) ||
--			( $f_db_username != config_get( 'db_username', '' ) ) ||
--			( $f_db_password != config_get( 'db_password', '' ) ) ) {
--			print_test_result( BAD, false, 'file ' . $g_absolute_path . 'config_inc.php' . ' already exists and has different settings' );
--		} else {
--			print_test_result( GOOD, false );
--			$t_write_failed = false;
--		}
--	}
--	?>
--</tr>
--<?php
--	if( true == $t_write_failed ) {
--		echo '<tr><table width="50%" border="0" cellpadding="10" cellspacing="1" align="center">';
--		echo '<tr><td>Please add the following lines to ' . $g_absolute_path . 'config_inc.php before continuing to the database upgrade check:</td></tr>';
--		echo '<tr><td><pre>' . htmlentities( $t_config ) . '</pre></td></tr></table></tr>';
--	}
--	?>
-+        // FEDORA PATCH: Removed config_inc.php manipulation code
- 
--</table>
--
--<?php
- 	if( false == $g_failed ) {
- 		$t_install_state++;
- 	}
-Only in mantisbt-1.2.12/admin: install.php.orig
diff --git a/mantis-1.2.17-fix_LDAP_poisoning.patch b/mantis-1.2.17-fix_LDAP_poisoning.patch
deleted file mode 100644
index d67c100..0000000
--- a/mantis-1.2.17-fix_LDAP_poisoning.patch
+++ /dev/null
@@ -1,37 +0,0 @@
-commit 215968fa8ff33e327f0600765a5caa24de392cbc
-Author: Paul Richards <paul@mantisforge.org>
-Date:   Sat Oct 12 22:58:43 2013 +0100
-
-    Strip null bytes out of GPC input strings
-    
-    Backporting commit fc02c46eea9d9e7cc472a7fc1801ea65d467db76 from master
-    branch to fix issue #17640
-    
-    Signed-off-by: Damien Regad <dregad@mantisbt.org>
-
-diff --git a/core/gpc_api.php b/core/gpc_api.php
-index 2daad98..58e0827 100644
---- a/core/gpc_api.php
-+++ b/core/gpc_api.php
-@@ -110,7 +110,7 @@ function gpc_get_string( $p_var_name, $p_default = null ) {
- 		trigger_error( ERROR_GPC_ARRAY_UNEXPECTED, ERROR );
- 	}
- 
--	return $t_result;
-+	return str_replace( "\0","",$t_result );
- }
- 
- /**
-@@ -255,7 +255,11 @@ function gpc_get_string_array( $p_var_name, $p_default = null ) {
- 		trigger_error( ERROR_GPC_ARRAY_EXPECTED, ERROR );
- 	}
- 
--	return $t_result;
-+	$t_array = array();
-+	foreach( $t_result as $key => $val ) {
-+		$t_array[$key] = str_replace( "\0", "", $val );
-+	}
-+	return $t_array;
- }
- 
- /**
diff --git a/mantis-1.2.19-install_no_write_config.patch b/mantis-1.2.19-install_no_write_config.patch
new file mode 100644
index 0000000..027c784
--- /dev/null
+++ b/mantis-1.2.19-install_no_write_config.patch
@@ -0,0 +1,144 @@
+diff --git a/admin/install.php b/admin/install.php
+index 6a57a88..9c619c0 100644
+--- a/admin/install.php
++++ b/admin/install.php
+@@ -411,10 +411,18 @@ if( 1 == $t_install_state ) {
+ <?php if( !$g_database_upgrade ) {?>
+ <tr>
+ 	<td>
++		<div style="background-color: #FCC; padding: 5px; border: 1px solid red;">
++		To change any of the disabled options below, edit /etc/mantis/config_inc.php and reload this page!
++		</div>
++	</td>
++</tr>
++
++<tr>
++	<td>
+ 		Type of Database
+ 	</td>
+ 	<td>
+-		<select name="db_type">
++		<select disabled="true" name="db_type">
+ 		<?php
+ 			// Build selection list of available DB types
+ 			$t_db_list = array(
+@@ -450,7 +458,7 @@ if( !$g_database_upgrade ) {?>
+ 		Hostname (for Database Server)
+ 	</td>
+ 	<td>
+-		<input name="hostname" type="textbox" value="<?php echo string_attribute( $f_hostname ) ?>">
++		<input name="hostname" type="textbox" disabled="disabled" value="<?php echo string_attribute( $f_hostname ) ?>">
+ 	</td>
+ </tr>
+ <?php
+@@ -462,7 +470,7 @@ if( !$g_database_upgrade ) {?>
+ 		Username (for Database)
+ 	</td>
+ 	<td>
+-		<input name="db_username" type="textbox" value="<?php echo string_attribute( $f_db_username ) ?>">
++		<input name="db_username" type="textbox" disabled="disabled" value="<?php echo string_attribute( $f_db_username ) ?>">
+ 	</td>
+ </tr>
+ <?php
+@@ -486,7 +494,7 @@ if( !$g_database_upgrade ) {?>
+ 		Database name (for Database)
+ 	</td>
+ 	<td>
+-		<input name="database_name" type="textbox" value="<?php echo string_attribute( $f_database_name ) ?>">
++		<input name="database_name" type="textbox" disabled="disabled" value="<?php echo string_attribute( $f_database_name ) ?>">
+ 	</td>
+ </tr>
+ <?php
+@@ -785,91 +793,9 @@ if( 4 == $t_install_state ) {
+ if( 5 == $t_install_state ) {
+ 	$t_config_filename = $g_absolute_path . 'config_inc.php';
+ 	$t_config_exists = file_exists( $t_config_filename );
+-	?>
+-<table width="100%" border="0" cellpadding="10" cellspacing="1">
+-<tr>
+-	<td bgcolor="#e8e8e8" colspan="2">
+-		<span class="title">Write Configuration File(s)</span>
+-	</td>
+-</tr>
+ 
+-<tr>
+-	<td bgcolor="#ffffff">
+-		<?php echo ( $t_config_exists ? 'Updating' : 'Creating' )
+-			. ' Configuration File (config_inc.php)'; ?>
+-	</td>
+-	<?php
+-	# Generating the config_inc.php file
+-
+-	$t_config = '<?php' . "\r\n";
+-	$t_config .= "\$g_hostname = '$f_hostname';\r\n";
+-	$t_config .= "\$g_db_type = '$f_db_type';\r\n";
+-	$t_config .= "\$g_database_name = '$f_database_name';\r\n";
+-	$t_config .= "\$g_db_username = '$f_db_username';\r\n";
+-	$t_config .= "\$g_db_password = '$f_db_password';\r\n";
+-
+-	if( $f_db_type == 'db2' ) {
+-		$t_config .= "\$g_db_schema = '$f_db_schema';\r\n";
+-	}
+-
+-	$t_write_failed = true;
+-
+-	if( !$t_config_exists ) {
+-		if( $fd = @fopen( $t_config_filename, 'w' ) ) {
+-			fwrite( $fd, $t_config );
+-			fclose( $fd );
+-		}
++        // FEDORA PATCH: Removed config_inc.php manipulation code
+ 
+-		if( file_exists( $t_config_filename ) ) {
+-			print_test_result( GOOD );
+-			$t_write_failed = false;
+-		} else {
+-			print_test_result( BAD, false, 'cannot write ' . $t_config_filename );
+-		}
+-	} else {
+-		# already exists, see if the information is the same
+-		if ( ( $f_hostname != config_get( 'hostname', '' ) ) ||
+-			( $f_db_type != config_get( 'db_type', '' ) ) ||
+-			( $f_database_name != config_get( 'database_name', '') ) ||
+-			( $f_db_schema != config_get( 'db_schema', '') ) ||
+-			( $f_db_username != config_get( 'db_username', '' ) ) ||
+-			( $f_db_password != config_get( 'db_password', '' ) ) ) {
+-			print_test_result( BAD, false, 'file ' . $g_absolute_path . 'config_inc.php' . ' already exists and has different settings' );
+-		} else {
+-			print_test_result( GOOD, false );
+-			$t_write_failed = false;
+-		}
+-	}
+-	?>
+-</tr>
+-<?php
+-	if( true == $t_write_failed ) {
+-?>
+-<tr>
+-	<td colspan="2">
+-		<table width="50%" cellpadding="10" cellspacing="1">
+-			<tr>
+-				<td>
+-					Please add the following lines to
+-					<em>'<?php echo $g_absolute_path; ?>config_inc.php'</em>
+-					before continuing:
+-				</td>
+-			</tr>
+-			<tr>
+-				<td>
+-					<pre><?php echo htmlentities( $t_config ); ?></pre>
+-				</td>
+-			</tr>
+-		</table>
+-	</td>
+-</tr>
+-<?php
+-	}
+-	?>
+-
+-</table>
+-
+-<?php
+ 	if( false == $g_failed ) {
+ 		$t_install_state++;
+ 	}
diff --git a/mantis.spec b/mantis.spec
index df38ece..fa9e2d0 100644
--- a/mantis.spec
+++ b/mantis.spec
@@ -5,8 +5,8 @@
 
 Summary:    Web-based issue tracking system
 Name:       mantis
-Version:    1.2.17
-Release:    3%{?dist}
+Version:    1.2.19
+Release:    1%{?dist}
 License:    GPLv2+
 Group:      Applications/Internet
 URL:        http://www.mantisbt.org/
@@ -15,14 +15,13 @@ Source0:    http://downloads.sourceforge.net/mantisbt/mantisbt-%{version}.tar.gz
 Source1:    mantis-README.Fedora
 
 # Admin is supposed to edit /etc/mantis/config_inc.php
-Patch0:     mantis-1.2.12-install_no_write_config.patch
+Patch0:     mantis-1.2.19-install_no_write_config.patch
 Patch1:     mantis-1.2.12-no_example_com.patch
 # We secure admin/ with httpd directives
 Patch2:     mantis-1.2.4-do_not_warn_on_admin_directory.patch
 Patch3:     mantis-1.2.12-use_systems_phpmailer.patch
 # set environment variable to find config_inc.php in /etc/mantis
 Patch4:     mantis-1.2.14-set_env_on_scripts.patch
-Patch5:     mantis-1.2.17-fix_LDAP_poisoning.patch
 
 BuildRoot:  %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 
@@ -69,7 +68,6 @@ This package contains configuration-files for Apache httpd 2.
 %patch2 -p1
 %patch3 -p1
 %patch4 -p1
-%patch5 -p1
 
 cp %{SOURCE1} ./doc/README.Fedora
 rm -rf packages docbook tests
@@ -154,6 +152,21 @@ rm -rf "${RPM_BUILD_ROOT}"
 
 
 %changelog
+* Mon Jan 26 2015 Gianluca Sforna <giallu@gmail.com> - 1.2.19-1
+- new upstream release
+- rebase patch
+- fix CVE-2014-9571, CVE-2014-9572, CVE-2014-9573 (#1183595)
+
+* Tue Dec  9 2014 Gianluca Sforna <giallu@gmail.com> - 1.2.18-1
+- new upstream release
+- drop upstreamed patches
+- fix several security issues, full list in upstream changelog:
+  http://www.mantisbt.org/bugs/changelog_page.php?version_id=191
+
+* Fri Nov 14 2014 Gianluca Sforna <giallu@gmail.com> - 1.2.17-4
+- fix CVE-2014-7146, CVE-2014-8598 (#1162046)
+- fix CVE-2014-8554 (#1159295)
+
 * Fri Oct 03 2014 Gianluca Sforna <giallu@gmail.com> - 1.2.17-3
 - fix CVE-2014-6387 (#1141310)
 
diff --git a/sources b/sources
index 442a48a..576bf0e 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-b3080a3a9351524c547823d33a76106f  mantisbt-1.2.17.tar.gz
+8377a0219ec344b9ab9c186012b5114f  mantisbt-1.2.19.tar.gz

-- Write Configuration File(s) --
-- '; -- echo '(if this file is not created, create it manually with the contents below)'; -- } else { -- echo 'Updating Configuration File (config_inc.php) '; -- } -- ?> --