diff --git a/0001-avcodec-libaom-fix-setting-amount-of-threads.patch b/0001-avcodec-libaom-fix-setting-amount-of-threads.patch
new file mode 100644
index 0000000..bcd82b3
--- /dev/null
+++ b/0001-avcodec-libaom-fix-setting-amount-of-threads.patch
@@ -0,0 +1,51 @@
+From 309c3a0e81be553626711912e90015c26f4b09ba Mon Sep 17 00:00:00 2001
+From: James Almer <jamrial@gmail.com>
+Date: Thu, 13 Sep 2018 13:26:00 -0300
+Subject: [PATCH] avcodec/libaom: fix setting amount of threads
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+The libaom doxy says that a value of 0 for the threads fields is
+equivalent to a value of 1, whereas for avctx->thread_count it means
+the maximum amount of threads possible for the host system.
+
+Use av_cpu_count() to get the correct thread count when auto threads
+is requested.
+
+Reviewed-by: Jan Ekström <jeebjp@gmail.com>
+Signed-off-by: James Almer <jamrial@gmail.com>
+---
+ libavcodec/libaomdec.c | 2 +-
+ libavcodec/libaomenc.c | 2 +-
+ 2 files changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/libavcodec/libaomdec.c b/libavcodec/libaomdec.c
+index 6a2de6d47a..2530c9f76b 100644
+--- a/libavcodec/libaomdec.c
++++ b/libavcodec/libaomdec.c
+@@ -43,7 +43,7 @@ static av_cold int aom_init(AVCodecContext *avctx,
+     AV1DecodeContext *ctx           = avctx->priv_data;
+     struct aom_codec_dec_cfg deccfg = {
+         /* token partitions+1 would be a decent choice */
+-        .threads = FFMIN(avctx->thread_count, 16)
++        .threads = FFMIN(avctx->thread_count ? avctx->thread_count : av_cpu_count(), 16)
+     };
+ 
+     av_log(avctx, AV_LOG_INFO, "%s\n", aom_codec_version_str());
+diff --git a/libavcodec/libaomenc.c b/libavcodec/libaomenc.c
+index bbf4cf8b64..6a79d9b873 100644
+--- a/libavcodec/libaomenc.c
++++ b/libavcodec/libaomenc.c
+@@ -319,7 +319,7 @@ static av_cold int aom_init(AVCodecContext *avctx,
+     enccfg.g_h            = avctx->height;
+     enccfg.g_timebase.num = avctx->time_base.num;
+     enccfg.g_timebase.den = avctx->time_base.den;
+-    enccfg.g_threads      = avctx->thread_count;
++    enccfg.g_threads      = avctx->thread_count ? avctx->thread_count : av_cpu_count();
+ 
+     if (ctx->lag_in_frames >= 0)
+         enccfg.g_lag_in_frames = ctx->lag_in_frames;
+-- 
+2.18.0
+
diff --git a/0001-avformat-flvenc-Check-audio-packet-size.patch b/0001-avformat-flvenc-Check-audio-packet-size.patch
new file mode 100644
index 0000000..dd2dd2b
--- /dev/null
+++ b/0001-avformat-flvenc-Check-audio-packet-size.patch
@@ -0,0 +1,33 @@
+From 6b67d7f05918f7a1ee8fc6ff21355d7e8736aa10 Mon Sep 17 00:00:00 2001
+From: Michael Niedermayer <michael@niedermayer.cc>
+Date: Sat, 28 Jul 2018 15:03:50 +0200
+Subject: [PATCH] avformat/flvenc: Check audio packet size
+
+Fixes: Assertion failure
+Fixes: assert_flvenc.c:941_1.swf
+
+Found-by: #CHEN HONGXU# <HCHEN017@e.ntu.edu.sg>
+Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
+---
+ libavformat/flvenc.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/libavformat/flvenc.c b/libavformat/flvenc.c
+index 1c552a3e6b..e4863f1fc7 100644
+--- a/libavformat/flvenc.c
++++ b/libavformat/flvenc.c
+@@ -883,6 +883,11 @@ static int flv_write_packet(AVFormatContext *s, AVPacket *pkt)
+     int flags = -1, flags_size, ret;
+     int64_t cur_offset = avio_tell(pb);
+ 
++    if (par->codec_type == AVMEDIA_TYPE_AUDIO && !pkt->size) {
++        av_log(s, AV_LOG_WARNING, "Empty audio Packet\n");
++        return AVERROR(EINVAL);
++    }
++
+     if (par->codec_id == AV_CODEC_ID_VP6F || par->codec_id == AV_CODEC_ID_VP6A ||
+         par->codec_id == AV_CODEC_ID_VP6  || par->codec_id == AV_CODEC_ID_AAC)
+         flags_size = 2;
+-- 
+2.18.0
+
diff --git a/ffmpeg-4.changes b/ffmpeg-4.changes
index 8549602..d02cb27 100644
--- a/ffmpeg-4.changes
+++ b/ffmpeg-4.changes
@@ -1,8 +1,20 @@
+-------------------------------------------------------------------
+Thu Sep 13 23:17:35 UTC 2018 - 9+suse@cirno.systems
+
+- Add 0001-avcodec-libaom-fix-setting-amount-of-threads.patch
+
+-------------------------------------------------------------------
+Fri Aug 24 07:19:30 UTC 2018 - jengelh@inai.de
+
+- Add 0001-avformat-flvenc-Check-audio-packet-size.patch
+  [CVE-2018-15822, boo#1105869]
+
 -------------------------------------------------------------------
 Mon Aug 13 18:07:13 UTC 2018 - bjorn.lie@gmail.com
 
 - Update to version 4.0.2:
-  * Various bugfixes and a revert.
+  * CVE-2018-13300: out of array read (boo#1100348, CVE-2018-13300)
+  * Various bugfixes and a revert
 
 -------------------------------------------------------------------
 Sat Aug 11 08:28:47 UTC 2018 - carmen@carmenbianca.eu
diff --git a/ffmpeg-4.spec b/ffmpeg-4.spec
index 3d16678..6312213 100644
--- a/ffmpeg-4.spec
+++ b/ffmpeg-4.spec
@@ -118,6 +118,8 @@ Patch2:         ffmpeg-arm6l.diff
 Patch3:         ffmpeg-new-coder-errors.diff
 Patch4:         ffmpeg-codec-choice.diff
 Patch5:         cve-2017-17555.diff
+Patch6:         0001-avformat-flvenc-Check-audio-packet-size.patch
+Patch7:         0001-avcodec-libaom-fix-setting-amount-of-threads.patch
 BuildRequires:  ladspa-devel
 BuildRequires:  libgsm-devel
 BuildRequires:  libmp3lame-devel