diff --git a/newt-0.52.10-reflowbuffer.patch b/newt-0.52.10-reflowbuffer.patch
new file mode 100644
index 0000000..0939f33
--- /dev/null
+++ b/newt-0.52.10-reflowbuffer.patch
@@ -0,0 +1,12 @@
+diff -up newt-0.52.10/textbox.c.orig newt-0.52.10/textbox.c
+--- newt-0.52.10/textbox.c.orig 2008-07-30 14:42:55.000000000 +0200
++++ newt-0.52.10/textbox.c 2009-09-21 14:59:24.000000000 +0200
+@@ -179,7 +179,7 @@ static void doReflow(const char * text,
+
+ if (resultPtr) {
+ /* XXX I think this will work */
+- result = malloc(strlen(text) + (strlen(text) / width) + 2);
++ result = malloc(strlen(text) + (strlen(text) / (width - 1)) + 2);
+ *result = '\0';
+ }
+
diff --git a/newt.spec b/newt.spec
index 8220b50..1489c50 100644
--- a/newt.spec
+++ b/newt.spec
@@ -2,7 +2,7 @@
 Summary: A library for text mode user interfaces
 Name: newt
 Version: 0.52.10
-Release: 1%{?dist}
+Release: 2%{?dist}
 License: LGPLv2
 Group: System Environment/Libraries
 URL: https://fedorahosted.org/newt/
@@ -10,6 +10,7 @@ Source: https://fedorahosted.org/releases/n/e/newt/newt-%{version}.tar.gz
 BuildRequires: popt-devel python-devel slang-devel
 Provides: snack = %{version}-%{release}
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
+Patch1: newt-0.52.10-reflowbuffer.patch
 %package devel
 Summary: Newt windowing toolkit development files
@@ -56,6 +57,7 @@ providing a python API for creating text mode ionterfaces.
 %prep
 %setup -q
+%patch1 -p1 -b .reflowbuffer
 %build
 # gpm support seems to smash the stack w/ we use help in anaconda??
@@ -101,6 +103,9 @@ rm -rf $RPM_BUILD_ROOT
 %{python_sitearch}/*.py*
 %changelog
+* Thu Sep 24 2009 Miroslav Lichvar - 0.52.10-2
+- fix buffer overflow in textbox when reflowing (#523955, CVE-2009-2905)
+
 * Wed Jul 30 2008 Miroslav Lichvar - 0.52.10-1
 - improve --noitem description (#456305)
 - add setHeight to Textbox class
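Review bot: In the textbox.c hunk carried by newt-0.52.10-reflowbuffer.patch, the new size expression `strlen(text) / (width - 1)` divides by zero when doReflow is called with `width == 1`, and nothing visible in the hunk bounds `width` (a check may exist in the part of doReflow that lies outside the hunk). Clamp the divisor before the allocation, e.g. `size_t per = width > 1 ? (size_t)(width - 1) : 1;`, and size the buffer with `strlen(text) / per`. The following line writes `*result = '\0'` without testing the malloc result, so `if (!result) return;` belongs between the two. The `/* XXX I think this will work */` comment is kept unchanged; it should instead state the worst-case number of inserted line breaks the bound assumes, so the sizing behind the CVE-2009-2905 fix can be rechecked.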