diff --git a/gvfs.changes b/gvfs.changes
index 04d78d2..426d9c6 100644
--- a/gvfs.changes
+++ b/gvfs.changes
@@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Wed Nov 22 11:01:59 UTC 2017 - dimstar@opensuse.org
+
+- Disable caps(cap_net_bind_service=+ep) from gvfsd-nfs: this is
+  not acceptable from a security PoV, see boo#1065864#c6).
+
 -------------------------------------------------------------------
 Mon Nov 20 19:41:56 UTC 2017 - mgorse@suse.com
 
diff --git a/gvfs.spec b/gvfs.spec
index 33505af..d84a298 100644
--- a/gvfs.spec
+++ b/gvfs.spec
@@ -328,8 +328,9 @@ find %{buildroot}%{_libdir} -type f -name '*.la' -delete -print
 %{_libexecdir}/%{name}/gvfsd-network
 %{_datadir}/%{name}/mounts/network.mount
 %if 0%{?is_opensuse}
-# allow priv ports for mounting nfs . Otherwise the nfs-service requires insecure
-%caps(cap_net_bind_service=+ep) %{_libexecdir}/%{name}/gvfsd-nfs
+# allow priv ports for mounting nfs . Otherwise the nfs-service requires insecure, not approved by sec, see boo#1065864
+# %caps(cap_net_bind_service=+ep) %{_libexecdir}/%{name}/gvfsd-nfs
+%{_libexecdir}/%{name}/gvfsd-nfs
 %{_datadir}/%{name}/mounts/nfs.mount
 %endif
 %if !0%{?is_opensuse}