diff --git a/file-4.20-CVE-2007-2799.dif b/file-4.20-CVE-2007-2799.dif
new file mode 100644
index 0000000..a119f0d
--- /dev/null
+++ b/file-4.20-CVE-2007-2799.dif
@@ -0,0 +1,23 @@
+--- src/funcs.c
++++ src/funcs.c 2007-05-24 14:15:36.218013250 +0200
+@@ -26,7 +26,7 @@
+ */
+ #include "file.h"
+ #include "magic.h"
+-#include
++#include
+ #include
+ #include
+ #include
+@@ -247,7 +247,10 @@ file_getbuffer(struct magic_set *ms)
+ len = ms->o.size - ms->o.left;
+ /* * 4 is for octal representation, + 1 is for NUL */
+ psize = len * 4 + 1;
+- assert(psize > len);
++ if (len > (ULONG_MAX - 1) / 4) {
++ file_oomem(ms, len);
++ return NULL;
++ }
+ if (ms->o.psize < psize) {
+ if ((pbuf = realloc(ms->o.pbuf, psize)) == NULL) {
+ file_oomem(ms, psize);
diff --git a/file.changes b/file.changes
index a28eb44..f61e548 100644
--- a/file.changes
+++ b/file.changes
@@ -1,3 +1,8 @@
+-------------------------------------------------------------------
+Thu May 24 11:58:09 CEST 2007 - werner@suse.de
+
+- Fix of the fix for bug #256290 with CVE-2007-2799
+
 -------------------------------------------------------------------
 Mon May 21 11:49:45 CEST 2007 - werner@suse.de
diff --git a/file.spec b/file.spec
index 408daf9..50708cc 100644
--- a/file.spec
+++ b/file.spec
@@ -17,7 +17,7 @@ License: Other uncritical OpenSource License
 Group: Productivity/File utilities
 Autoreqprov: on
 Version: 4.20
-Release: 15
+Release: 17
 Summary: A Tool to Determine File Types
 Source: ftp://ftp.astron.com/pub/file/file-%{version}.tar.bz2
 Patch: file-%{version}.dif
@@ -35,6 +35,7 @@ Patch11: file-4.20-reg_startend.dif
 Patch12: file-4.20-unused.dif
 Patch13: file-4.20-reg_dos.dif
 Patch14: file-4.20-option.dif
+Patch15: file-4.20-CVE-2007-2799.dif
 Patch20: file-4.16-mips.dif
 BuildRoot: %{_tmppath}/%{name}-%{version}-build
@@ -85,6 +86,7 @@ Authors:
 %patch12 -p0 -b .unused
 %patch13 -p0 -b .reg
 %patch14 -p0 -b .opt
+%patch15 -p0 -b .CVE-2007-2799
 %ifarch mips
 %patch20 -p0 -b .mips
 %endif
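Review bot: In the file_getbuffer hunk of file-4.20-CVE-2007-2799.dif, the new bound is written against `ULONG_MAX` and sits after `psize = len * 4 + 1;` has already been evaluated. The declarations of `len` and `psize` are outside the hunk; if they are `size_t`, as the `realloc` call suggests, the limit should follow that type so the guard matches the width of the multiplication on platforms where `unsigned long` and `size_t` differ. I would move the guard above the multiplication and write it as `if (len > (SIZE_MAX - 1) / 4) {`, provided `SIZE_MAX` is available in this tree. A one-line comment would help too, such as `/* reject lengths whose * 4 + 1 would wrap and under-size the realloc below */`. The body of file_getbuffer starts and ends outside the hunk, so any use of `psize` before this point is not visible here.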
@@ -147,6 +149,8 @@ rm -rf $RPM_BUILD_ROOT
 %attr(644,root,root) %{_mandir}/man3/libmagic.3.gz
 %changelog
+* Thu May 24 2007 - werner@suse.de
+- Fix of the fix for bug #256290 with CVE-2007-2799
 * Mon May 21 2007 - werner@suse.de
 - Expand search area used before regex (also bug #263754)
 * Mon May 14 2007 - werner@suse.de