diff --git a/cfitsio-3.49.tar.gz b/cfitsio-3.49.tar.gz
new file mode 100644
index 0000000..df92f4a
Binary files /dev/null and b/cfitsio-3.49.tar.gz differ
diff --git a/cfitsio-pkgconfig.patch b/cfitsio-pkgconfig.patch
index c8e81da..b29e305 100644
--- a/cfitsio-pkgconfig.patch
+++ b/cfitsio-pkgconfig.patch
@@ -1,7 +1,7 @@
-diff -ur cfitsio/cfitsio.pc.in cfitsio.new/cfitsio.pc.in
---- cfitsio/cfitsio.pc.in	2013-04-08 20:11:56.000000000 +0200
-+++ cfitsio.new/cfitsio.pc.in	2013-07-10 18:42:11.105358864 +0200
-@@ -1,11 +1,11 @@
+diff -ur cfitsio-3.47/cfitsio.pc.in cfitsio-3.47.pkg/cfitsio.pc.in
+--- cfitsio-3.47/cfitsio.pc.in	2019-05-08 17:34:49.000000000 +0200
++++ cfitsio-3.47.pkg/cfitsio.pc.in	2019-08-01 15:56:52.064310329 +0200
+@@ -1,12 +1,12 @@
  prefix=@prefix@
  exec_prefix=@exec_prefix@
  libdir=@libdir@
@@ -10,9 +10,10 @@ diff -ur cfitsio/cfitsio.pc.in cfitsio.new/cfitsio.pc.in
  
  Name: cfitsio
  Description: FITS File Subroutine Library
+ URL: https://heasarc.gsfc.nasa.gov/fitsio/
  Version: @CFITSIO_MAJOR@.@CFITSIO_MINOR@
--Libs: -L${libdir} -lcfitsio @LIBS@
--Libs.private: -lm
+-Libs: -L${libdir} -lcfitsio
+-Libs.private: -lm @LIBS@
 -Cflags: -I${includedir}
 +Libs: -L${libdir} -lcfitsio
 +Libs.private: -lm -lz @LIBS@
diff --git a/cfitsio-zlib.patch b/cfitsio-zlib.patch
index ec9c7ff..043abb7 100644
--- a/cfitsio-zlib.patch
+++ b/cfitsio-zlib.patch
@@ -1,27 +1,27 @@
-diff -Naur cfitsio/Makefile.in cfitsio.zlib/Makefile.in
---- cfitsio/Makefile.in	2018-05-09 21:16:01.000000000 +0200
-+++ cfitsio.zlib/Makefile.in	2018-05-23 13:54:43.878032943 +0200
-@@ -67,9 +67,7 @@
+diff -ur cfitsio-3.47/Makefile.in cfitsio-3.47.zlib/Makefile.in
+--- cfitsio-3.47/Makefile.in	2019-05-08 17:34:50.000000000 +0200
++++ cfitsio-3.47.zlib/Makefile.in	2019-08-01 15:52:57.829760351 +0200
+@@ -68,9 +68,7 @@
  		pliocomp.c fits_hcompress.c fits_hdecompress.c \
  		simplerng.c @GSIFTP_SRC@
  
 -ZLIB_SOURCES =	zlib/adler32.c zlib/crc32.c zlib/deflate.c zlib/infback.c \
 -		zlib/inffast.c zlib/inflate.c zlib/inftrees.c zlib/trees.c \
 -		zlib/uncompr.c zlib/zcompress.c zlib/zuncompress.c zlib/zutil.c
-+ZLIB_SOURCES =	zlib/zcompress.c zlib/zuncompress.c
++ZLIB_SOURCES = zlib/zcompress.c zlib/zuncompress.c
  
  SOURCES = ${CORE_SOURCES} ${ZLIB_SOURCES} @F77_WRAPPERS@
  
-@@ -102,7 +100,7 @@
+@@ -103,7 +101,7 @@
  shared: lib${PACKAGE}${SHLIB_SUFFIX}
  
  lib${PACKAGE}${SHLIB_SUFFIX}: ${OBJECTS}
--		${SHLIB_LD} ${LDFLAGS} -o ${CFITSIO_SHLIB} ${OBJECTS} -lm ${LIBS}
-+		${SHLIB_LD} ${LDFLAGS} -o ${CFITSIO_SHLIB} ${OBJECTS} -lm -lz -lbz2 ${LIBS}
+-		${SHLIB_LD} ${LDFLAGS} -o ${CFITSIO_SHLIB} ${OBJECTS} -lm ${LIBS_CURL} ${LIBS}
++		${SHLIB_LD} ${LDFLAGS} -o ${CFITSIO_SHLIB} ${OBJECTS} -lm -lz -lbz2 ${LIBS_CURL} ${LIBS}
  		@if [ "x${CFITSIO_SHLIB_SONAME}" != x ]; then \
  			ln -sf ${CFITSIO_SHLIB} ${CFITSIO_SHLIB_SONAME}; \
  			ln -sf ${CFITSIO_SHLIB_SONAME} $@; \
-@@ -139,28 +137,28 @@
+@@ -140,28 +138,28 @@
  		${CC} -c ${CFLAGS} ${CPPFLAGS} ${SSE_FLAGS} ${DEFS} $<
  
  smem:		smem.o lib${PACKAGE}.a ${OBJECTS}
diff --git a/cfitsio.spec b/cfitsio.spec
index 3429353..d2a5a60 100644
--- a/cfitsio.spec
+++ b/cfitsio.spec
@@ -1,10 +1,10 @@
 Name:              cfitsio
-Version:           3.450
-Release:           5
+Version:           3.490
+Release:           1
 Summary:           Library for manipulating FITS data files
 License:           MIT
 URL:               http://heasarc.gsfc.nasa.gov/fitsio/
-Source0:           https://heasarc.gsfc.nasa.gov/FTP/software/fitsio/c/cfitsio3450.tar.gz
+Source0:           https://heasarc.gsfc.nasa.gov/FTP/software/fitsio/c/cfitsio-3.49.tar.gz
 
 Patch0000:         cfitsio-zlib.patch
 Patch0001:         cfitsio-noversioncheck.patch
@@ -62,7 +62,7 @@ a higher compression rate than lossless techniques
 to the accuracy in the original image) depends on the amount of compression
 
 %prep
-%autosetup  -n cfitsio -p1
+%autosetup  -n cfitsio-3.49 -p1
 cd zlib
 rm adler32.c crc32.c deflate.c infback.c inffast.c inflate.c inflate.h inftrees.c inftrees.h zlib.h \
 deflate.h trees.c trees.h uncompr.c zconf.h zutil.c zutil.h crc32.h  inffast.h  inffixed.h 
@@ -117,6 +117,9 @@ chmod 755 %{buildroot}%{_bindir}/f{,un}pack
 %{_bindir}/funpack
 
 %changelog
+* Wed Feb 09 2022 yaoxin <yaoxin30@huawei.com> - 3.490-1
+- Upgrade cfitsio to 3.490 to fix CVE-2018-3848,CVE-2018-3849
+
 * Mon Mar 09 2020 yangjian<yangjian79@huawei.com> - 3.450-5
 - Fix changelog  problem
 
diff --git a/cfitsio3450.tar.gz b/cfitsio3450.tar.gz
deleted file mode 100644
index bd32dbc..0000000
Binary files a/cfitsio3450.tar.gz and /dev/null differ