diff --git a/avahi-glib2.spec b/avahi-glib2.spec
index a581915..c357a44 100644
--- a/avahi-glib2.spec
+++ b/avahi-glib2.spec
@@ -31,7 +31,7 @@ Name: avahi-glib2
 %define build_qt3 0
 %define build_qt4 0
 Version: 0.6.23
-Release: 9
+Release: 10
 %if !%build_glib2 && !%build_mono && !%build_qt3 && !%build_qt4
 # Create split spec files only when building per partes:
 #%(sh %{_sourcedir}/%{_name}_spec-prepare.sh %{_sourcedir} %{name})
@@ -79,6 +79,8 @@ Patch8: avahi-allocsize.patch
 Patch9: avahi-dnsconfd-netconfig.patch
 #PATCH-FIX-OPENSUSE avahi-unicastdomains.patch bnc433359 lnussel@suse.de -- disable pre-set unicast domains by default
 Patch10: avahi-unicastdomains.patch
+#PATCH-FIX-UPSTREAM bnc_459007.patch bnc#459007 mauro@suse.de -- fix CVE-2008-5081
+Patch11: bnc_459007.patch
 BuildRoot: %{_tmppath}/%{name}-%{version}-build
 BuildRequires: dbus-1-python fdupes gcc-c++ gdbm-devel intltool libdaemon-devel libexpat-devel perl-XML-Parser pkg-config
 # Even if we are not building python bindings, we need python to build service types database:
@@ -831,6 +833,7 @@ Authors:
 %patch8
 %patch9 -p1
 %patch10 -p1
+%patch11 -p1
 %if !%build_core
 # Replace all .la references from local .la files to installed versions
 # with exception of libavahi-glib.la.
diff --git a/avahi-mono.spec b/avahi-mono.spec
index f49d1d2..7f67c86 100644
--- a/avahi-mono.spec
+++ b/avahi-mono.spec
@@ -31,7 +31,7 @@ Name: avahi-mono
 %define build_qt3 0
 %define build_qt4 0
 Version: 0.6.23
-Release: 57
+Release: 58
 %if !%build_glib2 && !%build_mono && !%build_qt3 && !%build_qt4
 # Create split spec files only when building per partes:
 #%(sh %{_sourcedir}/%{_name}_spec-prepare.sh %{_sourcedir} %{name})
@@ -79,6 +79,8 @@ Patch8: avahi-allocsize.patch
 Patch9: avahi-dnsconfd-netconfig.patch
 #PATCH-FIX-OPENSUSE avahi-unicastdomains.patch bnc433359 lnussel@suse.de -- disable pre-set unicast domains by default
 Patch10: avahi-unicastdomains.patch
+#PATCH-FIX-UPSTREAM bnc_459007.patch bnc#459007 mauro@suse.de -- fix CVE-2008-5081
+Patch11: bnc_459007.patch
 BuildRoot: %{_tmppath}/%{name}-%{version}-build
 BuildRequires: dbus-1-python fdupes gcc-c++ gdbm-devel intltool libdaemon-devel libexpat-devel perl-XML-Parser pkg-config
 # Even if we are not building python bindings, we need python to build service types database:
@@ -830,6 +832,7 @@ Authors:
 %patch8
 %patch9 -p1
 %patch10 -p1
+%patch11 -p1
 %if !%build_core
 # Replace all .la references from local .la files to installed versions
 # with exception of libavahi-glib.la.
diff --git a/avahi-qt4.spec b/avahi-qt4.spec
index 71ef02e..e5fff8f 100644
--- a/avahi-qt4.spec
+++ b/avahi-qt4.spec
@@ -31,7 +31,7 @@ Name: avahi-qt4
 %define build_qt3 0
 %define build_qt4 1
 Version: 0.6.23
-Release: 9
+Release: 10
 %if !%build_glib2 && !%build_mono && !%build_qt3 && !%build_qt4
 # Create split spec files only when building per partes:
 #%(sh %{_sourcedir}/%{_name}_spec-prepare.sh %{_sourcedir} %{name})
@@ -79,6 +79,8 @@ Patch8: avahi-allocsize.patch
 Patch9: avahi-dnsconfd-netconfig.patch
 #PATCH-FIX-OPENSUSE avahi-unicastdomains.patch bnc433359 lnussel@suse.de -- disable pre-set unicast domains by default
 Patch10: avahi-unicastdomains.patch
+#PATCH-FIX-UPSTREAM bnc_459007.patch bnc#459007 mauro@suse.de -- fix CVE-2008-5081
+Patch11: bnc_459007.patch
 BuildRoot: %{_tmppath}/%{name}-%{version}-build
 BuildRequires: dbus-1-python fdupes gcc-c++ gdbm-devel intltool libdaemon-devel libexpat-devel perl-XML-Parser pkg-config
 # Even if we are not building python bindings, we need python to build service types database:
@@ -833,6 +835,7 @@ Authors:
 %patch8
 %patch9 -p1
 %patch10 -p1
+%patch11 -p1
 %if !%build_core
 # Replace all .la references from local .la files to installed versions
 # with exception of libavahi-glib.la.
diff --git a/avahi.changes b/avahi.changes
index 340f008..efd3f90 100644
--- a/avahi.changes
+++ b/avahi.changes
@@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Wed Dec 17 09:10:32 CET 2008 - mauro@suse.de
+
+- Added bnc_459007.patch to fix bnc#459007
+ + Fixes CVE-2008-5081
+
 -------------------------------------------------------------------
 Mon Dec 15 18:21:42 CET 2008 - sbrabec@suse.cz
 
diff --git a/avahi.spec b/avahi.spec
index 273a26d..80d03d2 100644
--- a/avahi.spec
+++ b/avahi.spec
@@ -33,7 +33,7 @@ Name: avahi
 %define build_qt3 0
 %define build_qt4 0
 Version: 0.6.23
-Release: 38
+Release: 39
 %if !%build_glib2 && !%build_mono && !%build_qt3 && !%build_qt4
 # Create split spec files only when building per partes:
 #%(sh %{_sourcedir}/%{_name}_spec-prepare.sh %{_sourcedir} %{name})
@@ -81,6 +81,8 @@ Patch8: avahi-allocsize.patch
 Patch9: avahi-dnsconfd-netconfig.patch
 #PATCH-FIX-OPENSUSE avahi-unicastdomains.patch bnc433359 lnussel@suse.de -- disable pre-set unicast domains by default
 Patch10: avahi-unicastdomains.patch
+#PATCH-FIX-UPSTREAM bnc_459007.patch bnc#459007 mauro@suse.de -- fix CVE-2008-5081
+Patch11: bnc_459007.patch
 BuildRoot: %{_tmppath}/%{name}-%{version}-build
 BuildRequires: dbus-1-python fdupes gcc-c++ gdbm-devel intltool libdaemon-devel libexpat-devel perl-XML-Parser pkg-config
 # Even if we are not building python bindings, we need python to build service types database:
@@ -833,6 +835,7 @@ Authors:
 %patch8
 %patch9 -p1
 %patch10 -p1
+%patch11 -p1
 %if !%build_core
 # Replace all .la references from local .la files to installed versions
 # with exception of libavahi-glib.la.
@@ -1314,6 +1317,9 @@ fi %endif %changelog
+* Wed Dec 17 2008 mauro@suse.de
+- Added bnc_459007.patch to fix bnc#459007
+ + Fixes CVE-2008-5081
 * Mon Dec 15 2008 sbrabec@suse.cz - avahi-discover.glade is required by avahi-utils-gtk and python-avahi-gtk => move to avahi (bnc#456418).
diff --git a/bnc_459007.patch b/bnc_459007.patch
new file mode 100644
index 0000000..3e07241
--- /dev/null
+++ b/bnc_459007.patch
@@ -0,0 +1,16 @@
+diff -Naur avahi-0.6.20/avahi-core/server.c avahi-0.6.20-mp/avahi-core/server.c
+--- avahi-0.6.20/avahi-core/server.c 2007-05-09 00:51:01.000000000 +0200
++++ avahi-0.6.20-mp/avahi-core/server.c 2008-12-17 09:03:42.103972000 +0100
+@@ -899,6 +899,12 @@
+ return;
+ }
+
++ if (port <= 0) {
++ /* This fixes RHBZ #475394, bnc#459007 */
++ avahi_log_warn("Received packet from invalid source port.");
++ return;
++ }
++
+ if (avahi_address_is_ipv4_in_ipv6(src_address))
+ /* This is an IPv4 address encapsulated in IPv6, so let's ignore it. */
+ return;
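Review bot: The embedded patch in bnc_459007.patch is diffed against an avahi-0.6.20 tree (`avahi-0.6.20/avahi-core/server.c`, inner hunk at line 899) while every spec file here builds Version 0.6.23, so `%patch11 -p1` relies on offset or fuzz matching to place the new `if (port <= 0)` guard. For a CVE fix it would be safer to regenerate the patch against the 0.6.23 source and confirm in the build log that it applies without fuzz and lands before the IPv4-in-IPv6 check. The guard also calls `avahi_log_warn` once per rejected packet, and since the sender is a network peer this can presumably be used to fill the log, so rate-limiting or a lower log level is worth considering. The in-code comment names only tracker ids; something like `/* Reject source port <= 0 before further dispatch: CVE-2008-5081 (RHBZ #475394, bnc#459007) */` would tell a later reader why the check exists. The enclosing function starts and ends outside the inner hunk, so the type of `port` and how the other early returns log cannot be confirmed from this page.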