diff --git a/ecryptfs-utils.changes b/ecryptfs-utils.changes
index 0c2055a..0e94c23 100644
--- a/ecryptfs-utils.changes
+++ b/ecryptfs-utils.changes
@@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Wed Jul 11 11:48:24 UTC 2012 - meissner@suse.com
+
+- also supply MS_NODEV to avoid exposing device files
+  if someone got them on the encrypted media.
+
 -------------------------------------------------------------------
 Tue Jul 10 14:03:27 UTC 2012 - meissner@suse.com
 
diff --git a/ecryptfs-utils.security.patch b/ecryptfs-utils.security.patch
index 0fcda43..613c680 100644
--- a/ecryptfs-utils.security.patch
+++ b/ecryptfs-utils.security.patch
@@ -256,7 +256,7 @@ Index: ecryptfs-utils-96/src/utils/mount.ecryptfs_private.c
  		}
   		/* Perform mount */
 -		if (mount(src, ".", FSTYPE, 0, opt) == 0) {
-+		if (mount(src, ".", FSTYPE, MS_NOSUID, opt) == 0) {
++		if (mount(src, ".", FSTYPE, MS_NOSUID|MS_NODEV, opt) == 0) {
  			if (update_mtab(src, dest, opt) != 0) {
  				goto fail;
  			}