diff --git a/exim-CVE-2017-16944.patch b/exim-CVE-2017-16944.patch
new file mode 100644
index 0000000..2658fe0
--- /dev/null
+++ b/exim-CVE-2017-16944.patch
@@ -0,0 +1,41 @@
+diff -ru a/src/receive.c b/src/receive.c
+--- a/src/receive.c	2017-11-30 09:15:29.593364805 +0100
++++ b/src/receive.c	2017-11-30 09:17:32.026970431 +0100
+@@ -1759,7 +1759,7 @@
+   prevent further reading), and break out of the loop, having freed the
+   empty header, and set next = NULL to indicate no data line. */
+ 
+-  if (ptr == 0 && ch == '.' && (smtp_input || dot_ends))
++  if (ptr == 0 && ch == '.' && dot_ends)
+     {
+     ch = (receive_getc)();
+     if (ch == '\r')
+diff -ru a/src/smtp_in.c b/src/smtp_in.c
+--- a/src/smtp_in.c	2017-11-30 09:15:29.593364805 +0100
++++ b/src/smtp_in.c	2017-11-30 09:41:47.270055566 +0100
+@@ -4751,11 +4751,17 @@
+ 	? CHUNKING_LAST : CHUNKING_ACTIVE;
+       chunking_data_left = chunking_datasize;
+ 
++      /* push the current receive_* function on the "stack", and
++      replace them by bdat_getc(), which in turn will use the lwr_receive_*
++      functions to do the dirty work. */
+       lwr_receive_getc = receive_getc;
+       lwr_receive_ungetc = receive_ungetc;
++
+       receive_getc = bdat_getc;
+       receive_ungetc = bdat_ungetc;
+ 
++      dot_ends = FALSE;
++
+       DEBUG(D_any)
+         debug_printf("chunking state %d\n", (int)chunking_state);
+       goto DATA_BDAT;
+@@ -4763,6 +4769,7 @@
+ 
+     case DATA_CMD:
+     HAD(SCH_DATA);
++    dot_ends = TRUE;
+ 
+     DATA_BDAT:		/* Common code for DATA and BDAT */
+     if (!discarded && recipients_count <= 0)
diff --git a/exim.changes b/exim.changes
index a67d8fa..92d074c 100644
--- a/exim.changes
+++ b/exim.changes
@@ -1,3 +1,10 @@
+-------------------------------------------------------------------
+Thu Nov 30 08:32:50 UTC 2017 - wullinger@rz.uni-kiel.de
+
+- add exim-CVE-2017-16944.patch:
+  backport of commit 178ecb70987f024f0e775d87c2f8b2cf587dd542
+  fix for CVE-2017-16944 (#bsc1069859)
+
 -------------------------------------------------------------------
 Mon Nov 27 10:36:17 UTC 2017 - dmueller@suse.com
 
diff --git a/exim.spec b/exim.spec
index 310d140..71f1489 100644
--- a/exim.spec
+++ b/exim.spec
@@ -109,7 +109,8 @@ Source40:       exim.service
 Patch0:         exim-tail.patch
 Patch3:         exim-CVE-2017-1000369.patch
 Patch4:         exim-CVE-2017-16943.patch
-Patch5:         exim-4.86.2-mariadb_102_compile_fix.patch
+Patch5:         exim-CVE-2017-16944.patch
+Patch6:         exim-4.86.2-mariadb_102_compile_fix.patch
 
 %package -n eximon
 Summary:        Eximon, an graphical frontend to administer Exim's mail queue
@@ -155,6 +156,7 @@ once, if at all. The rest is done by logrotate / cron.)
 %patch3 -p 1
 %patch4 -p 1
 %patch5 -p 1
+%patch6 -p 1
 # build with fPIE/pie on SUSE 10.0 or newer, or on any other platform
 %if %{?suse_version:%suse_version}%{?!suse_version:99999} > 930
 fPIE="-fPIE"