diff --git a/.gitignore b/.gitignore
index 84549cc..f91c18b 100644
--- a/.gitignore
+++ b/.gitignore
@@ -17,3 +17,4 @@ wget-1.12.tar.bz2
 /wget-1.19.5.tar.gz
 /wget-1.20.tar.gz
 /wget-1.20.1.tar.gz
+/wget-1.20.3.tar.gz
diff --git a/sources b/sources
index 6dbab35..93be31a 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-SHA512 (wget-1.20.1.tar.gz) = 855c7e3c45f9020a9fdb30e286ee6a0bdcaa780be3d0dda9ffdae73b562ae1012d4550242f66240407a28076a7054328d4f08a469a0da227a9e3410b8d5f46dc
+SHA512 (wget-1.20.3.tar.gz) = e8b82b40e270296228094a78d47f81580bdbdea9e6b93fd61b37dccb39430aeb9bda5397dc53a31c952a61629383c7e2a8c8abf414c8a4dd369af6ecf2717e6c
diff --git a/wget-1.20.3-remove-unneeded-debug-lines.patch b/wget-1.20.3-remove-unneeded-debug-lines.patch
new file mode 100644
index 0000000..790811a
--- /dev/null
+++ b/wget-1.20.3-remove-unneeded-debug-lines.patch
@@ -0,0 +1,37 @@
+From 562eacb76a2b64d5dc80a443f0f739bc9ef76c17 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Tim=20R=C3=BChsen?= <tim.ruehsen@gmx.de>
+Date: Fri, 5 Apr 2019 13:01:57 +0200
+Subject: [PATCH] * src/iri.c (do_conversion): Remove unneeded debug lines
+
+---
+ src/iri.c | 5 -----
+ 1 file changed, 5 deletions(-)
+
+diff --git a/src/iri.c b/src/iri.c
+index d00683cd..eef12dce 100644
+--- a/src/iri.c
++++ b/src/iri.c
+@@ -152,11 +152,8 @@ do_conversion (const char *tocode, const char *fromcode, char const *in_org, siz
+   *out = s = xmalloc (outlen + 1);
+   done = 0;
+ 
+-  DEBUGP (("iconv %s -> %s\n", tocode, fromcode));
+-
+   for (;;)
+     {
+-      DEBUGP (("iconv outlen=%d inlen=%d\n", outlen, inlen));
+       if (iconv (cd, (ICONV_CONST char **) &in, &inlen, out, &outlen) != (size_t)(-1) &&
+           iconv (cd, NULL, NULL, out, &outlen) != (size_t)(-1))
+         {
+@@ -191,8 +188,6 @@ do_conversion (const char *tocode, const char *fromcode, char const *in_org, siz
+         }
+       else if (errno == E2BIG) /* Output buffer full */
+         {
+-          logprintf (LOG_VERBOSE,
+-                    _("Reallocate output buffer len=%d outlen=%d inlen=%d\n"), len, outlen, inlen);
+           tooshort++;
+           done = len;
+           len = done + inlen * 2;
+-- 
+2.17.2
+
diff --git a/wget.spec b/wget.spec
index 51631b5..69d1ffe 100644
--- a/wget.spec
+++ b/wget.spec
@@ -1,12 +1,13 @@
 Summary: A utility for retrieving files using the HTTP or FTP protocols
 Name: wget
-Version: 1.20.1
-Release: 2%{?dist}
+Version: 1.20.3
+Release: 1%{?dist}
 License: GPLv3+
 Url: http://www.gnu.org/software/wget/
 Source: ftp://ftp.gnu.org/gnu/wget/wget-%{version}.tar.gz
 
 Patch1: wget-1.17-path.patch
+Patch2: wget-1.20.3-remove-unneeded-debug-lines.patch
 
 Provides: webclient
 Provides: bundled(gnulib) 
@@ -65,6 +66,10 @@ make check
 %{_infodir}/*
 
 %changelog
+* Fri Apr 05 2019 Tomas Hozza <thozza@redhat.com> - 1.20.3-1
+- Update to 1.20.3
+- Fix CVE-2019-5953
+
 * Sun Feb 03 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1.20.1-2
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild