diff --git a/apache2-mod_perl-2.0.4-xss.patch b/apache2-mod_perl-2.0.4-xss.patch
new file mode 100644
index 0000000..29a4a3d
--- /dev/null
+++ b/apache2-mod_perl-2.0.4-xss.patch
@@ -0,0 +1,47 @@
+--- perl/modperl/trunk/lib/Apache2/Status.pm	2007/12/31 08:05:11	607697
++++ perl/modperl/trunk/lib/Apache2/Status.pm	2009/04/01 15:39:56	760926
+@@ -29,7 +29,7 @@ use File::Spec ();
+ 
+ use Apache2::Const -compile => qw(OK);
+ 
+-$Apache2::Status::VERSION = '4.00'; # mod_perl 2.0
++$Apache2::Status::VERSION = '4.01'; # mod_perl 2.0
+ 
+ use constant IS_WIN32 => ($^O eq "MSWin32");
+ 
+@@ -126,7 +126,7 @@ sub handler {
+         $r->print(symdump($r, $qs));
+     }
+     else {
+-        my $uri = $r->uri;
++        my $uri = $r->location;
+         $r->print('<p>');
+         $r->print(
+             map { qq[<a href="$uri?$_">$status{$_}</a><br />\n] } sort { lc $a cmp lc $b } keys %status
+@@ -198,7 +198,7 @@ sub status_section_config {
+ sub status_inc {
+     my ($r) = @_;
+ 
+-    my $uri = $r->uri;
++    my $uri = $r->location;
+     my @retval = (
+         '<table border="1">',
+         "<tr>",
+@@ -289,7 +289,7 @@ sub status_rgysubs {
+     my ($r) = @_;
+ 
+     local $_;
+-    my $uri = $r->uri;
++    my $uri = $r->location;
+     my $cache = __PACKAGE__->registry_cache;
+ 
+     my @retval = "<h2>Compiled registry scripts grouped by their handler</h2>";
+@@ -765,7 +765,7 @@ sub as_HTML {
+     my ($self, $package, $r) = @_;
+ 
+     my @m = qw(<table>);
+-    my $uri = $r->uri;
++    my $uri = $r->location;
+     my $is_main = $package eq "main";
+ 
+     my $do_dump = has($r, "dumper");
diff --git a/apache2-mod_perl.changes b/apache2-mod_perl.changes
index 107cfdb..d7d59ef 100644
--- a/apache2-mod_perl.changes
+++ b/apache2-mod_perl.changes
@@ -1,3 +1,8 @@
+-------------------------------------------------------------------
+Mon Dec 20 11:35:31 UTC 2010 - vcizek@novell.com
+
+- bnc#495434 (cve-2009-0796) 
+
 -------------------------------------------------------------------
 Thu Nov 25 18:09:09 UTC 2010 - chris@computersalat.de
 
diff --git a/apache2-mod_perl.spec b/apache2-mod_perl.spec
index d04e238..1c6aad2 100644
--- a/apache2-mod_perl.spec
+++ b/apache2-mod_perl.spec
@@ -46,6 +46,7 @@ Version:        2.0.4
 Release:        48
 Source0:        mod_perl-%{version}.tar.bz2
 Patch:          %{name}-%{version}-tests.diff
+Patch1:         apache2-mod_perl-2.0.4-xss.patch
 #%define apache_test_version 1_99_15
 # cvs -d :pserver:anoncvs@cvs.apache.org:/home/cvspublic up -r MODPERL_%{apache_test_version}
 #Source1:      Apache-Test-%{apache_test_version}.tar.bz2
@@ -108,6 +109,7 @@ software depending on apache2-mod_perl.
 #%setup -q -n modperl-2.0 -a 1
 %setup -q -n mod_perl-%{version}
 %patch
+%patch1 -p3
 find -name ".svn" -type d | xargs rm -rfv
 
 %build