diff --git a/gnutls-2.6.6-cve-2009-2730.patch b/gnutls-2.6.6-cve-2009-2730.patch
index deb174d..8a9cc30 100644
--- a/gnutls-2.6.6-cve-2009-2730.patch
+++ b/gnutls-2.6.6-cve-2009-2730.patch
@@ -76,7 +76,7 @@ diff -up gnutls-2.6.6/lib/openpgp/pgp.c.decoding gnutls-2.6.6/lib/openpgp/pgp.c
        if (ret == 0)
  	{
 -	  if (_gnutls_hostname_compare (dnsname, hostname))
-+	  if (_gnutls_hostname_compare (dnsname, dnsnamesize, hostname))
++	  if (_gnutls_hostname_compare (dnsname, dnsnamesize-1, hostname))
  	    return 1;
  	}
      }
diff --git a/gnutls.spec b/gnutls.spec
index fd8d28e..f304651 100644
--- a/gnutls.spec
+++ b/gnutls.spec
@@ -1,7 +1,7 @@
 Summary: A TLS protocol implementation
 Name: gnutls
 Version: 2.6.6
-Release: 2%{?dist}
+Release: 3%{?dist}
 # The libgnutls library is LGPLv2+, utilities and remaining libraries are GPLv3+
 License: GPLv3+ and LGPLv2+
 Group: System Environment/Libraries
@@ -151,6 +151,9 @@ fi
 %{_datadir}/guile/site/gnutls.scm
 
 %changelog
+* Wed Sep 23 2009 Tomas Mraz <tmraz@redhat.com> 2.6.6-3
+- fix handling of hostname in openpgp certificates
+
 * Fri Aug 14 2009 Tomas Mraz <tmraz@redhat.com> 2.6.6-2
 - fix CVE-2009-2730 - handling of NUL chars in certificate
   CNs and SANs