diff --git a/.gitignore b/.gitignore
index c100835..fda7dfa 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1 @@
-SOURCES/libnftnl-1.2.7.tar.xz
+SOURCES/libnftnl-1.2.8.tar.xz
diff --git a/.libnftnl.metadata b/.libnftnl.metadata
index 9068372..5d8bff3 100644
--- a/.libnftnl.metadata
+++ b/.libnftnl.metadata
@@ -1 +1 @@
-06532b49e06d12a8fc2a33326dc35a638b3ae3c6 SOURCES/libnftnl-1.2.7.tar.xz
+70cabda025b580df85afe2ea10f814b82d600256 SOURCES/libnftnl-1.2.8.tar.xz
diff --git a/SOURCES/0001-set-Fix-for-array-overrun-when-setting-NFTNL_SET_DES.patch b/SOURCES/0001-set-Fix-for-array-overrun-when-setting-NFTNL_SET_DES.patch
new file mode 100644
index 0000000..58facdb
--- /dev/null
+++ b/SOURCES/0001-set-Fix-for-array-overrun-when-setting-NFTNL_SET_DES.patch
@@ -0,0 +1,48 @@
+From 73e56f12f39cf114532eb37119ac84865ffd71fd Mon Sep 17 00:00:00 2001
+From: Phil Sutter
+Date: Wed, 4 Dec 2024 16:20:16 +0100
+Subject: [PATCH] set: Fix for array overrun when setting NFTNL_SET_DESC_CONCAT
+
+JIRA: https://issues.redhat.com/browse/RHEL-34697
+Upstream Status: libnftnl commit 7cb2a63d67af14576988631e916404592f261fd4
+
+commit 7cb2a63d67af14576988631e916404592f261fd4
+Author: Phil Sutter
+Date: Wed Nov 27 16:30:08 2024 +0100
+
+ set: Fix for array overrun when setting NFTNL_SET_DESC_CONCAT
+
+ Assuming max data_len of 16 * 4B and no zero bytes in 'data':
+ The while loop will increment field_count, use it as index for the
+ field_len array and afterwards make sure it hasn't increased to
+ NFT_REG32_COUNT. Thus a value of NFT_REG32_COUNT - 1 (= 15) will pass
+ the check, get incremented to 16 and used as index to the 16 fields long
+ array.
+ Use a less fancy for-loop to avoid the increment vs. check problem.
+
+ Fixes: 407f616ea5318 ("set: buffer overflow in NFTNL_SET_DESC_CONCAT setter")
+ Signed-off-by: Phil Sutter
+ Reviewed-by: Pablo Neira Ayuso
+
+Signed-off-by: Phil Sutter
+---
+ src/set.c | 6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+diff --git a/src/set.c b/src/set.c
+index 75ad64e..e9048e0 100644
+--- a/src/set.c
++++ b/src/set.c
+@@ -189,8 +189,10 @@ int nftnl_set_set_data(struct nftnl_set *s, uint16_t attr, const void *data,
+ return -1;
+
+ memcpy(&s->desc.field_len, data, data_len);
+- while (s->desc.field_len[++s->desc.field_count]) {
+- if (s->desc.field_count >= NFT_REG32_COUNT)
++ for (s->desc.field_count = 0;
++ s->desc.field_count < NFT_REG32_COUNT;
++ s->desc.field_count++) {
++ if (!s->desc.field_len[s->desc.field_count])
+ break;
+ }
+ break;
diff --git a/SPECS/libnftnl.spec b/SPECS/libnftnl.spec
index e4325de..cb24eb9 100644
--- a/SPECS/libnftnl.spec
+++ b/SPECS/libnftnl.spec
@@ -1,14 +1,12 @@ -%define libnftnl_rpmversion 1.2.7 -%define libnftnl_specrelease 4 - Name: libnftnl -Version: %{libnftnl_rpmversion} -Release: %{libnftnl_specrelease}%{?dist}%{?buildid}.1 +Version: 1.2.8 +Release: 2%{?dist} Summary: Library for low-level interaction with nftables Netlink's API over libmnl License: GPL-2.0-or-later URL: https://netfilter.org/projects/libnftnl/ Source0: %{url}/files/%{name}-%{version}.tar.xz +Patch1: 0001-set-Fix-for-array-overrun-when-setting-NFTNL_SET_DES.patch BuildRequires: libmnl-devel BuildRequires: gcc
@@ -57,6 +55,12 @@ find $RPM_BUILD_ROOT -name '*.la' -exec rm -f {} ';' %{_includedir}/libnftnl %changelog +* Wed Dec 04 2024 Phil Sutter [1.2.8-2.el10] +- set: Fix for array overrun when setting NFTNL_SET_DESC_CONCAT (Phil Sutter) [RHEL-34697] + +* Thu Nov 07 2024 Phil Sutter [1.2.8-1.el10] +- Rebase onto version 1.2.8 (Phil Sutter) [RHEL-66276] + * Tue Oct 29 2024 Troy Dawson - 1.2.7-4.1 - Bump release for October 2024 mass rebuild: Resolves: RHEL-64018
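Review bot: In the rewritten loop of the embedded src/set.c hunk, `field_count` is derived by scanning the whole `field_len` array up to NFT_REG32_COUNT, while the `memcpy` above it only overwrites `data_len` bytes. If `data_len` is shorter than the array and the set already holds a longer description from an earlier call, entries past the copied bytes would still be counted, so the resulting count could exceed what the caller supplied; whether this setter can run twice on one set is not visible here. Clearing the array first with `memset(&s->desc.field_len, 0, sizeof(s->desc.field_len));` before the `memcpy`, or bounding the loop by `data_len / sizeof(s->desc.field_len[0])`, would tie the count to the input. The guard in front of `return -1;` and the rest of nftnl_set_set_data lie outside the hunk, so the length check itself could not be reviewed.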