diff --git a/bash-4.2-CVE-2014-6271.patch b/bash-4.2-CVE-2014-6271.patch
new file mode 100644
index 0000000..8b1c3da
--- /dev/null
+++ b/bash-4.2-CVE-2014-6271.patch
@@ -0,0 +1,67 @@
+diff -ur a/bash/builtins/common.h b/bash/builtins/common.h
+--- a/bash/builtins/common.h 2010-05-31 00:31:51.000000000 +0200
++++ b/bash/builtins/common.h 2014-09-16 21:36:20.139826595 +0200
+@@ -33,6 +33,8 @@
+ #define SEVAL_RESETLINE 0x010
+ #define SEVAL_PARSEONLY 0x020
+ #define SEVAL_NOLONGJMP 0x040
++#define SEVAL_FUNCDEF 0x080 /* only allow function definitions */
++#define SEVAL_ONECMD 0x100 /* only allow a single command */
+
+ /* Flags for describe_command, shared between type.def and command.def */
+ #define CDESC_ALL 0x001 /* type -a */
+diff -ur a/bash/builtins/evalstring.c b/bash/builtins/evalstring.c
+--- a/bash/builtins/evalstring.c 2010-11-23 14:22:15.000000000 +0100
++++ b/bash/builtins/evalstring.c 2014-09-16 21:36:20.139826595 +0200
+@@ -261,6 +261,14 @@
+ {
+ struct fd_bitmap *bitmap;
+
++ if ((flags & SEVAL_FUNCDEF) && command->type != cm_function_def)
++ {
++ internal_warning ("%s: ignoring function definition attempt", from_file);
++ should_jump_to_top_level = 0;
++ last_result = last_command_exit_value = EX_BADUSAGE;
++ break;
++ }
++
+ bitmap = new_fd_bitmap (FD_BITMAP_SIZE);
+ begin_unwind_frame ("pe_dispose");
+ add_unwind_protect (dispose_fd_bitmap, bitmap);
+@@ -321,6 +329,9 @@
+ dispose_command (command);
+ dispose_fd_bitmap (bitmap);
+ discard_unwind_frame ("pe_dispose");
++
++ if (flags & SEVAL_ONECMD)
++ break;
+ }
+ }
+ else
+diff -ur a/bash/variables.c b/bash/variables.c
+--- a/bash/variables.c 2014-09-16 21:35:34.878850652 +0200
++++ b/bash/variables.c 2014-09-16 21:37:16.221034763 +0200
+@@ -347,7 +347,11 @@
+ temp_string[char_index] = ' ';
+ strcpy (temp_string + char_index + 1, string);
+
+- parse_and_execute (temp_string, name, SEVAL_NONINT|SEVAL_NOHIST);
++ /* Don't import function names that are invalid identifiers from the
++ environment, though we still allow them to be defined as shell
++ variables. */
++ if (legal_identifier (name))
++ parse_and_execute (temp_string, name, SEVAL_NONINT|SEVAL_NOHIST|SEVAL_FUNCDEF|SEVAL_ONECMD);
+
+ /* Ancient backwards compatibility. Old versions of bash exported
+ functions like name()=() {...} */
+@@ -361,10 +365,6 @@
+ }
+ else
+ report_error (_("error importing function definition for `%s'"), name);
+-
+- /* ( */
+- if (name[char_index - 1] == ')' && name[char_index - 2] == '\0')
+- name[char_index - 2] = '('; /* ) */
+ }
+ #if defined (ARRAY_VARS)
+ # if 0
diff --git a/bash-4.2-error-getpwd.patch b/bash-4.2-error-getpwd.patch
new file mode 100644
index 0000000..a415a1a
--- /dev/null
+++ b/bash-4.2-error-getpwd.patch
@@ -0,0 +1,16 @@
+Backport of the corrected error message for a failing getpwd (bnc#895475)
+---
+ po/de.po | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- po/de.po
++++ po/de.po 2014-09-15 08:46:03.482235134 +0000
+@@ -267,7 +267,7 @@ msgstr "Fehler beim Ermitteln der Termin
+ #: builtins/common.c:563
+ #, c-format
+ msgid "%s: error retrieving current directory: %s: %s\n"
+-msgstr "%s: Kann das nicht aktuelle Verzeichnis wiederfinden: %s: %s\n"
++msgstr "%s: Kann das aktuelle Verzeichnis nicht wiederfinden: %s: %s\n"
+
+ #: builtins/common.c:629 builtins/common.c:631
+ #, c-format
diff --git a/bash.changes b/bash.changes
index 3c6ea75..159dca9 100644
--- a/bash.changes
+++ b/bash.changes
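Review bot: In the evalstring.c section of the added bash-4.2-CVE-2014-6271.patch, the SEVAL_FUNCDEF guard acts on a command that has already been parsed, so the variables.c import path still hands environment-supplied text to the full parser and only the execution step is restricted. The rejection branch sets the exit status and `break`s without clearing parser state, and it skips the `dispose_command (command);` that the normal path reaches in the next hunk; whether `command` is released elsewhere cannot be seen here, since the loop starts and ends outside the hunk. I would call `reset_parser ();` before that `break` (confirm the function is available in this 4.2 tree) and add a comment at the guard such as `/* untrusted input: parsed but never executed unless it is a function definition */`. As follow-up hardening, importing functions only from environment variables with a reserved name marker would keep arbitrary variables away from the parser altogether.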
@@ -1,3 +1,17 @@
+-------------------------------------------------------------------
+Thu Sep 18 12:10:17 UTC 2014 - werner@suse.de
+
+- Add bash-4.2-CVE-2014-6271.patch
+ to fix CVE-2014-6271, the unexpected code execution with
+ environment variables (bnc#896776)
+
+-------------------------------------------------------------------
+Mon Sep 15 08:52:13 UTC 2014 - werner@suse.de
+
+- Add patch bash-4.2-error-getpwd.patch
+ which is the backport of the corrected german error message for
+ a failing getpwd (bnc#895475)
+
 -------------------------------------------------------------------
 Sun Jun 29 13:24:47 UTC 2014 - schwab@linux-m68k.org
 
diff --git a/bash.spec b/bash.spec
index e3e12be..90918f1 100644
--- a/bash.spec
+++ b/bash.spec
@@ -93,10 +93,14 @@ Patch27: readline-6.2-xmalloc.dif
 Patch30: readline-6.2-destdir.patch
 Patch31: readline-6.2-rltrace.patch
 Patch40: bash-4.1-bash.bashrc.dif
+# PATCH-FIX-UPSTREAM bnc#895475 -- locale de_DE.utf8 has wrong translations
+Patch41: bash-4.2-error-getpwd.patch
 Patch42: audit-patch
 Patch43: audit-rl-patch
 Patch46: man2html-no-timestamp.patch
 Patch47: config-guess-sub-update.patch
+# PATCH-FIX-UPSTREAM bnc#895475 -- bnc#896776, CVE-2014-6271: unexpected code execution with environment variables
+Patch48: bash-4.2-CVE-2014-6271.patch
 BuildRoot: %{_tmppath}/%{name}-%{version}-build
 %global _sysconfdir /etc
 %global _incdir %{_includedir}
@@ -312,11 +316,13 @@ done
 %patch26 -p0 -b .msgdy
 %patch31 -p0 -b .tmp
 %patch40 -p0 -b .bashrc
+%patch41 -p0 -b .errgetpwd
 %if 0%suse_version >= 1100
 %patch42 -p1 -b .audit
 %endif
 %patch46 -p0 -b .notimestamp
 %patch47
+%patch48 -p2
 %patch0 -p0 -b .0
 pushd ../readline-%{rl_vers}%{extend}
 for patch in ../readline-%{rl_vers}-patches/*; do
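Review bot: The comment added above `Patch48` in the first bash.spec hunk names the wrong bug first: `bnc#895475` is the getpwd translation issue that `Patch41` carries, while bash.changes ties the CVE fix to `bnc#896776`. It should read `# PATCH-FIX-UPSTREAM bnc#896776 -- CVE-2014-6271: unexpected code execution with environment variables`, so that anyone auditing which security fixes this package contains finds the right reference. In the second hunk `%patch48 -p2` is applied without a `-b` backup suffix, unlike most of the neighbouring `%patch` lines; adding one in the same style would keep the prep section consistent.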