diff --git a/pycrypto-2.0.1-CVE-2013-7459.patch b/pycrypto-2.0.1-CVE-2013-7459.patch
new file mode 100644
index 0000000..ede9311
--- /dev/null
+++ b/pycrypto-2.0.1-CVE-2013-7459.patch
@@ -0,0 +1,20 @@
+--- src/block_template.c
++++ src/block_template.c
+@@ -114,6 +114,17 @@ ALGnew(PyObject *self, PyObject *args, P
+ "Key cannot be the null string");
+ return NULL;
+ }
++ if (IVlen != 0 && mode == MODE_ECB)
++ {
++ PyErr_Format(PyExc_ValueError, "ECB mode does not use IV");
++ return NULL;
++ }
++ if (IVlen != 0 && mode == MODE_CTR)
++ {
++ PyErr_Format(PyExc_ValueError,
++ "CTR mode needs counter parameter, not IV");
++ return NULL;
++ }
+ if (IVlen != BLOCK_SIZE && IVlen != 0)
+ {
+ PyErr_Format(PyExc_ValueError,
diff --git a/python-crypto.spec b/python-crypto.spec
index a27dfe6..def61e5 100644
--- a/python-crypto.spec
+++ b/python-crypto.spec
@@ -4,7 +4,7 @@
 Summary: Cryptography library for Python
 Name: python-crypto
 Version: 2.0.1
-Release: 5%{?dist}
+Release: 6%{?dist}
 License: Public Domain
 Group: Development/Libraries
 URL: http://www.pycrypto.org/
@@ -12,11 +12,11 @@ URL: http://www.pycrypto.org/
 # The original tarball:
 # http://www.amk.ca/files/python/crypto/pycrypto-2.0.1.tar.gz
 # contains support for IDEA and RC5.
-#
+#
 # We remove it in the tarball we ship, using a "hobble-python-crypto" script.
 Source: pycrypto-2.0.1-hobbled.tar.gz
-# patch taken from
+# patch taken from
 # http://gitweb2.dlitz.net/?p=crypto/pycrypto-2.x.git;a=commitdiff;h=d1c4875e1f220652fe7ff8358f56dee3b2aba31b
 Patch0: %{name}-fix_buffer_overflow.patch
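Review bot: The new patch file carries no provenance header, so nothing in the file itself says where the ECB/CTR checks come from or that they are a backport; the spec comment records that, but the patch is what gets copied around. A short header above the `--- src/block_template.c` line, e.g. `Backport of the upstream fix for CVE-2013-7459 (https://github.com/dlitz/pycrypto/issues/176) to pycrypto 2.0.1`, is ignored by patch(1) and keeps the reference with the code. On the added lines, `PyErr_Format` is called with a plain message and no arguments both times; `PyErr_SetString(PyExc_ValueError, "ECB mode does not use IV");` is the call for that case and avoids passing a message through format handling it does not need. ALGnew starts and continues outside the inner hunk, so it cannot be confirmed from here that the pre-existing `IVlen != BLOCK_SIZE && IVlen != 0` check at the bottom is still what bounds the IV copy; the added checks only narrow which modes accept a non-empty IV, and they assume `MODE_CTR` is defined in 2.0.1's block_template.c.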
@@ -27,6 +27,11 @@ Patch1: python-crypto-hobble.patch
 # https://github.com/Legrandin/pycrypto/commit/9f912f13df99ad3421eff360d6a62d7dbec755c2
 Patch2: pycrypto-2.0.1-CVE-2012-2417.patch
+# AES.new with invalid parameter crashes python
+# https://github.com/dlitz/pycrypto/issues/176
+# CVE-2013-7459 (upstream fix backported to pycrypto 2.0.1)
+Patch3: pycrypto-2.0.1-CVE-2013-7459.patch
+
 BuildRequires: python >= 2.2
 BuildRequires: python-devel >= 2.2
 BuildRequires: gmp-devel >= 4.1
@@ -55,6 +60,7 @@ sed -i -e 's|/lib|/%_lib|g' setup.py
 %patch0 -b .patch0 -p1
 %patch1 -p1
 %patch2
+%patch3
 %build
 CFLAGS="$RPM_OPT_FLAGS" %{__python} setup.py build
@@ -95,6 +101,10 @@ rm -rf $RPM_BUILD_ROOT
 %changelog
+* Wed Jan 18 2017 Paul Howarth - 2.0.1-6
+- AES.new with invalid parameter crashes python (CVE-2013-7459)
+ (https://github.com/dlitz/pycrypto/issues/176)
+
 * Fri May 25 2012 Paul Howarth - 2.0.1-5
 - Fix LP#985164: insecure ElGamal key generation (#825165, CVE-2012-2417)
 - Update URL
@@ -122,7 +132,7 @@ rm -rf $RPM_BUILD_ROOT
 * Wed Aug 17 2005 Thorsten Leemhuis - 0:2.0.1-1
 - Update to 2.0.1
 - Use Dist
-- Drop python-crypto-64bit-unclean.patch, similar patch was applied
+- Drop python-crypto-64bit-unclean.patch, similar patch was applied
 upstream
 * Thu May 05 2005 Thorsten Leemhuis - 0:2.0-4
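Review bot: The new Patch3 comment cites the issue tracker and the CVE but, unlike the Patch0 and Patch2 comments above it, not the upstream commit the backport was taken from, so a later maintainer cannot diff the backport against its source. Add one line after the issue URL in the form the file already uses, e.g. `# <URL of the upstream pycrypto commit this backports>`. In the `%prep` hunk further down, `%patch3` is applied with no `-p` level, which matches the bare `src/block_template.c` paths in the patch file but differs from `%patch0` and `%patch1` in the same hunk; a trailing comment such as `# paths are relative to the tarball root, no -p needed` would make the difference deliberate rather than accidental.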