diff --git a/python-doc.changes b/python-doc.changes
index 6bba928..8c408a2 100644
--- a/python-doc.changes
+++ b/python-doc.changes
@@ -1,3 +1,15 @@
+-------------------------------------------------------------------
+Wed Mar 1 14:43:31 UTC 2023 - Matej Cepl
+
+- Add CVE-2023-24329-blank-URL-bypass.patch (CVE-2023-24329,
+ bsc#1208471) blocklists bypass via the urllib.parse component
+ when supplying a URL that starts with blank characters
+
+-------------------------------------------------------------------
+Fri Jan 27 15:00:21 UTC 2023 - Thorsten Kukuk
+
+- Disable NIS for new products, it's deprecated and gets removed
+
 -------------------------------------------------------------------
 Thu Jan 19 07:14:09 UTC 2023 - Matej Cepl
diff --git a/python-doc.spec b/python-doc.spec
index 99b593a..190eee9 100644
--- a/python-doc.spec
+++ b/python-doc.spec
@@ -141,6 +141,10 @@ Patch73: CVE-2022-45061-DoS-by-IDNA-decode.patch
 # PATCH-FIX-UPSTREAM skip_unverified_test.patch mcepl@suse.com
 # switching verification off on the old SLE doesn't work
 Patch74: skip_unverified_test.patch
+# PATCH-FIX-UPSTREAM CVE-2023-24329-blank-URL-bypass.patch bsc#1208471 mcepl@suse.com
+# blocklist bypass via the urllib.parse component when supplying
+# a URL that starts with blank characters
+Patch75: CVE-2023-24329-blank-URL-bypass.patch
 # COMMON-PATCH-END
 Provides: pyth_doc = %{version}
 Provides: pyth_ps = %{version}
@@ -224,6 +228,7 @@ Python, and Macintosh Module Reference in PDF format.
 %if 0%{?sle_version} && 0%{?sle_version} < 150000
 %patch74 -p1
 %endif
+%patch75 -p1
 # For patch 66
 cp -v %{SOURCE66} Lib/test/recursion.tar
diff --git a/python.changes b/python.changes
index f5173f6..8c408a2 100644
--- a/python.changes
+++ b/python.changes
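Review bot: The new `# PATCH-FIX-UPSTREAM` comment above `Patch75:` in python-doc.spec gives the Bugzilla id but no upstream reference, so a later reader cannot tell which upstream change was backported or check that the backport handles the same inputs as the upstream fix. That traceability matters for a `urllib.parse` security patch, since the changelog describes the issue as a blocklist bypass, i.e. callers use the parser's result to decide whether a URL is permitted. I would extend the tag line to `# PATCH-FIX-UPSTREAM CVE-2023-24329-blank-URL-bypass.patch bsc#1208471 gh#python/cpython#<UPSTREAM-ISSUE> mcepl@suse.com`, with the real upstream issue number filled in. The identical comment is added in the matching hunk of python.spec. The patch file itself is not among the sections visible here, so whether it carries a regression test for URLs with leading blank characters could not be checked.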
@@ -1,3 +1,10 @@
+-------------------------------------------------------------------
+Wed Mar 1 14:43:31 UTC 2023 - Matej Cepl
+
+- Add CVE-2023-24329-blank-URL-bypass.patch (CVE-2023-24329,
+ bsc#1208471) blocklists bypass via the urllib.parse component
+ when supplying a URL that starts with blank characters
+
 -------------------------------------------------------------------
 Fri Jan 27 15:00:21 UTC 2023 - Thorsten Kukuk
diff --git a/python.spec b/python.spec
index f5621a0..f2202ba 100644
--- a/python.spec
+++ b/python.spec
@@ -141,6 +141,10 @@ Patch73: CVE-2022-45061-DoS-by-IDNA-decode.patch
 # PATCH-FIX-UPSTREAM skip_unverified_test.patch mcepl@suse.com
 # switching verification off on the old SLE doesn't work
 Patch74: skip_unverified_test.patch
+# PATCH-FIX-UPSTREAM CVE-2023-24329-blank-URL-bypass.patch bsc#1208471 mcepl@suse.com
+# blocklist bypass via the urllib.parse component when supplying
+# a URL that starts with blank characters
+Patch75: CVE-2023-24329-blank-URL-bypass.patch
 # COMMON-PATCH-END
 BuildRequires: automake
 BuildRequires: db-devel
@@ -342,6 +346,7 @@ that rely on earlier non-verification behavior.
 %if 0%{?sle_version} && 0%{?sle_version} < 150000
 %patch74 -p1
 %endif
+%patch75 -p1
 # For patch 66
 cp -v %{SOURCE66} Lib/test/recursion.tar