diff --git a/.SRCINFO b/.SRCINFO
index 53f6b1e..34c1a78 100644
--- a/.SRCINFO
+++ b/.SRCINFO
@@ -1,7 +1,7 @@
 pkgbase = db4.8
 	pkgdesc = The Berkeley DB embedded database system 4.8
 	pkgver = 4.8.30
-	pkgrel = 5
+	pkgrel = 6
 	url = http://www.oracle.com/technology/software/products/berkeley-db/index.html
 	arch = any
 	license = custom
@@ -9,8 +9,14 @@ pkgbase = db4.8
 	options = !libtool
 	options = !makeflags
 	source = http://download.oracle.com/berkeley-db/db-4.8.30.tar.gz
+	source = db-atomic.patch
+	source = CVE-2017-10140-cwd-db_config.patch
 	md5sums = f80022099c5742cd179343556179aa8c
+	md5sums = d56cef85d0fc9432b54a32993d4c9f06
+	md5sums = c2d29f72c20625c09f30e35af3c4f2ff
 	sha256sums = e0491a07cdb21fb9aa82773bbbedaeb7639cbd0e7f96147ab46141e0045db72a
+	sha256sums = 7ab718c5624b4724a585c91f4cfdcd3830cfaf0ce1e865a4a79b316ba35990c0
+	sha256sums = 7dfea34368f4d3d5b81973f7b0dbb8a54cdd09effb09b2b28763b2470833a614
 
 pkgname = db4.8
 
diff --git a/CVE-2017-10140-cwd-db_config.patch b/CVE-2017-10140-cwd-db_config.patch
new file mode 100644
index 0000000..8024e3a
--- /dev/null
+++ b/CVE-2017-10140-cwd-db_config.patch
@@ -0,0 +1,22 @@
+Description: CVE-2017-10140: Reads DB_CONFIG from the current working directory
+ Do not access DB_CONFIG when db_home is not set.
+Origin: vendor, https://src.fedoraproject.org/rpms/libdb/raw/8047fa8580659fcae740c25e91b490539b8453eb/f/db-5.3.28-cwd-db_config.patch
+Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2017-10140
+Bug-RedHat: https://bugzilla.redhat.com/show_bug.cgi?id=1464032
+Bug-SuSE: https://bugzilla.novell.com/show_bug.cgi?id=1043886
+Forwarded: no
+Author: Petr Kubat
+Reviewed-by: Salvatore Bonaccorso
+Last-Update: 2017-08-17
+
+--- db-5.3.28/env/env_open.c.old	2017-06-26 10:32:11.011419981 +0200
++++ db-5.3.28/env/env_open.c	2017-06-26 10:32:46.893721233 +0200
+@@ -473,7 +473,7 @@
+ 	env->db_mode = mode == 0 ? DB_MODE_660 : mode;
+ 
+ 	/* Read the DB_CONFIG file. */
+-	if ((ret = __env_read_db_config(env)) != 0)
++	if (env->db_home != NULL && (ret = __env_read_db_config(env)) != 0)
+ 		return (ret);
+ 
+ 	/*
diff --git a/PKGBUILD b/PKGBUILD
index 5c8ad84..a0ea0b2 100644
--- a/PKGBUILD
+++ b/PKGBUILD
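Review bot: The guard `if (env->db_home != NULL && (ret = __env_read_db_config(env)) != 0)` is the right fix for CVE-2017-10140, but this hunk was cut from db-5.3.28 (the `---`/`+++` headers and `@@ -473,7 +473,7 @@`) and is being applied to 4.8.30, so the build log should be checked for the hunk landing without offset or fuzz before trusting that the guard sits in front of the only `__env_read_db_config` call. The behavioural consequence is worth recording in the package notes: an application that opens an environment with no home directory now never reads DB_CONFIG at all, which is intended — with `db_home` NULL the file is otherwise opened relative to the process's current working directory, which an attacker may control — but existing deployments that relied on a CWD DB_CONFIG will silently lose those settings. The enclosing function starts and ends outside this hunk, and the inner `@@` header carries no function context, so the call site's surroundings are not visible here.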
@@ -2,16 +2,32 @@
 # Contributor: Leslie P. Polzer
 pkgname=db4.8
 pkgver=4.8.30
-pkgrel=5
+pkgrel=6
 pkgdesc="The Berkeley DB embedded database system 4.8"
 arch=('any')
 license=('custom')
 url="http://www.oracle.com/technology/software/products/berkeley-db/index.html"
 depends=('gcc-libs')
 options=('!libtool' '!makeflags')
-source=(http://download.oracle.com/berkeley-db/db-${pkgver}.tar.gz)
-md5sums=('f80022099c5742cd179343556179aa8c')
-sha256sums=('e0491a07cdb21fb9aa82773bbbedaeb7639cbd0e7f96147ab46141e0045db72a')
+source=(http://download.oracle.com/berkeley-db/db-${pkgver}.tar.gz
+        'db-atomic.patch'
+        'CVE-2017-10140-cwd-db_config.patch')
+md5sums=('f80022099c5742cd179343556179aa8c'
+         'd56cef85d0fc9432b54a32993d4c9f06'
+         'c2d29f72c20625c09f30e35af3c4f2ff')
+sha256sums=('e0491a07cdb21fb9aa82773bbbedaeb7639cbd0e7f96147ab46141e0045db72a'
+            '7ab718c5624b4724a585c91f4cfdcd3830cfaf0ce1e865a4a79b316ba35990c0'
+            '7dfea34368f4d3d5b81973f7b0dbb8a54cdd09effb09b2b28763b2470833a614')
+
+prepare() {
+  cd "$srcdir/db-$pkgver/"
+
+  chmod +w dbinc/atomic.h
+  patch -p1 < "$srcdir"/db-atomic.patch
+
+  chmod +w env/env_open.c
+  patch -u -p1 < "$srcdir"/CVE-2017-10140-cwd-db_config.patch
+}
 
 build() {
   cd "$srcdir/db-$pkgver/"
diff --git a/db-atomic.patch b/db-atomic.patch
new file mode 100644
index 0000000..08bcf44
--- /dev/null
+++ b/db-atomic.patch
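Review bot: Both `patch` invocations in the new `prepare()` run with GNU patch's default fuzz factor, and the CVE patch was written against db-5.3.28 rather than this 4.8.30 tree, so a context mismatch could relocate the security guard instead of failing the build; make a mismatch a hard error with `patch -N -p1 -F0 < "$srcdir"/CVE-2017-10140-cwd-db_config.patch` and the same flags for `db-atomic.patch` (`-u` is redundant, as the input is already unified). The two `chmod +w` lines are presumably there because the upstream tarball ships those sources read-only; a one-line comment such as `# upstream tarball ships sources read-only; patch needs write access` would stop a future cleanup from dropping them and breaking the CVE fix silently. The `source=`/`md5sums=`/`sha256sums=` arrays are positionally matched, so the order of the two new patches must stay the same in all three — worth a comment too.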
@@ -0,0 +1,22 @@
+diff --git a/dbinc/atomic.h b/dbinc/atomic.h
+index 0034dcc..50b8b74 100644
+--- a/dbinc/atomic.h
++++ b/dbinc/atomic.h
+@@ -144,7 +144,7 @@ typedef LONG volatile *interlocked_val;
+ #define	atomic_inc(env, p)	__atomic_inc(p)
+ #define	atomic_dec(env, p)	__atomic_dec(p)
+ #define	atomic_compare_exchange(env, p, o, n)	\
+-	__atomic_compare_exchange((p), (o), (n))
++	__atomic_compare_exchange_db((p), (o), (n))
+ static inline int __atomic_inc(db_atomic_t *p)
+ {
+ 	int	temp;
+@@ -176,7 +176,7 @@ static inline int __atomic_dec(db_atomic_t *p)
+  * http://gcc.gnu.org/onlinedocs/gcc-4.1.0/gcc/Atomic-Builtins.html
+  * which configure could be changed to use.
+  */
+-static inline int __atomic_compare_exchange(
++static inline int __atomic_compare_exchange_db(
+ 	db_atomic_t *p, atomic_value_t oldval, atomic_value_t newval)
+ {
+ 	atomic_value_t was;