diff --git a/kdelibs-3.5.10-CVE-2015-7543.patch b/kdelibs-3.5.10-CVE-2015-7543.patch
new file mode 100644
index 0000000..c472a2b
--- /dev/null
+++ b/kdelibs-3.5.10-CVE-2015-7543.patch
@@ -0,0 +1,38 @@
+diff -ur kdelibs-3.5.10/kinit/lnusertemp.c kdelibs-3.5.10-CVE-2015-7543/kinit/lnusertemp.c
+--- kdelibs-3.5.10/kinit/lnusertemp.c 2007-05-14 09:52:34.000000000 +0200
++++ kdelibs-3.5.10-CVE-2015-7543/kinit/lnusertemp.c 2015-12-10 10:04:02.934321515 +0100
+@@ -178,7 +178,11 @@
+ if (result == 0) return 0; /* Success */
+ unlink(kde_tmp_dir);
+ strncat(user_tmp_dir, "XXXXXX", PATH_MAX - strlen(user_tmp_dir));
++#if 0
+ mktemp(user_tmp_dir); /* We want a directory, not a file, so using mkstemp makes no sense and is wrong */
++#else
++ if (mkdtemp(user_tmp_dir)==0) return 1; /*JOWENN: isn't that the better solution ?? */
++#endif
+ return create_link(kde_tmp_dir, user_tmp_dir);
+ }
+ if ((result == -1) || (!S_ISLNK(stat_buf.st_mode)))
+@@ -204,14 +208,22 @@
+ if (result == 0) return 0; /* Success */
+ unlink(kde_tmp_dir);
+ strncat(user_tmp_dir, "XXXXXX", PATH_MAX - strlen(user_tmp_dir));
++#if 0
+ mktemp(user_tmp_dir); /* We want a directory, not a file, so using mkstemp makes no sense and is wrong */
++#else
++ if (mkdtemp(user_tmp_dir)==0) return 1; /*JOWENN: isn't that the better solution ?? */
++#endif
+ return create_link(kde_tmp_dir, user_tmp_dir);
+ }
+ result = check_tmp_dir(tmp_buf);
+ if (result == 0) return 0; /* Success */
+ unlink(kde_tmp_dir);
+ strncat(user_tmp_dir, "XXXXXX", PATH_MAX - strlen(user_tmp_dir));
++#if 0
+ mktemp(user_tmp_dir); /* We want a directory, not a file, so using mkstemp makes no sense and is wrong */
++#else
++ if (mkdtemp(user_tmp_dir)==0) return 1; /*JOWENN: isn't that the better solution ?? */
++#endif
+ return create_link(kde_tmp_dir, user_tmp_dir);
+ }
+ 
diff --git a/kdelibs3.spec b/kdelibs3.spec
index 449b042..6bfa5fb 100644
--- a/kdelibs3.spec
+++ b/kdelibs3.spec
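Review bot: In all three places where the new `#else` branch is added to lnusertemp.c, a failing mkdtemp() returns 1 with no message and errno is discarded, so a session that cannot get its temporary directory fails without any trace of the cause; `if (mkdtemp(user_tmp_dir) == NULL) { perror(user_tmp_dir); return 1; }` (or whatever error-reporting style the file uses elsewhere, not visible here) would keep it, and also compares against NULL rather than 0. The `#if 0` branch leaves the racy mktemp() call and its old comment in the tree; deleting those lines outright leaves nothing to re-enable by mistake. Because mkdtemp() now creates the directory itself (mode 0700), create_link(), which is outside these hunks, has to accept a directory that already exists and belongs to the caller, which is worth confirming against the 3.5.10 version of that function. The enclosing function starts and ends outside the hunks, so the size of user_tmp_dir relative to the `PATH_MAX - strlen(user_tmp_dir)` bound passed to strncat() cannot be checked from here.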
@@ -18,7 +18,7 @@ Summary: KDE 3 Libraries Name: kdelibs3 Version: 3.5.10 -Release: 70%{?dist} +Release: 71%{?dist} License: LGPLv2 Url: http://www.kde.org/ @@ -108,6 +108,11 @@ Patch207: libltdl-CVE-2009-3736.patch Patch208: kdelibs-3.5.x-CVE-2011-3365.patch # CVE-2013-2074, prints passwords contained in HTTP URLs in error messages Patch209: kdelibs-3.5.10-CVE-2013-2074.patch +# CVE-2015-7543 arts,kdelibs3: Use of mktemp(3) allows attacker to hijack the IPC +# backport upstream fix (the lnusertemp.c change) from kdelibs 4: +# http://commits.kde.org/kdelibs/cc5515ed7ce8884c9b18169158ba29ab2f7a3db7 +# upstream fix by Joseph Wenninger, rediffed for kdelibs 3.5.10 by Kevin Kofler +Patch210: kdelibs-3.5.10-CVE-2015-7543.patch ## fixes to common KDE 3 autotools machinery # tweak autoconfigury so that it builds with autoconf 2.64 or 2.65 @@ -271,6 +276,7 @@ format for easy browsing %patch207 -p1 -b .CVE-2009-3736 %patch208 -p1 -b .CVE-2011-3365 %patch209 -p1 -b .CVE-2013-2074 +%patch210 -p1 -b .CVE-2015-7543 %patch300 -p1 -b .acinclude %patch301 -p1 -b .automake-version @@ -592,6 +598,9 @@ touch --no-create %{_datadir}/icons/crystalsvg 2> /dev/null || : %changelog +* Thu Dec 10 2015 Kevin Kofler - 3.5.10-71 +- Backport CVE-2015-7543 fix (Joseph Wenninger) from kdelibs 4 (#1289235) + * Wed Jun 17 2015 Fedora Release Engineering - 3.5.10-70 - Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild