diff --git a/kio-extras5.changes b/kio-extras5.changes
index 5b697aa..06ca8a2 100644
--- a/kio-extras5.changes
+++ b/kio-extras5.changes
@@ -1,3 +1,8 @@
+-------------------------------------------------------------------
+Thu Nov 13 22:15:00 UTC 2014 - hrvoje.senjan@gmail.com
+
+- Added sanitize_path.patch from upstream, CVE-2014-8600
+
 -------------------------------------------------------------------
 Thu Nov  6 20:14:13 UTC 2014 - hrvoje.senjan@gmail.com
 
diff --git a/kio-extras5.spec b/kio-extras5.spec
index 83b1612..93b7626 100644
--- a/kio-extras5.spec
+++ b/kio-extras5.spec
@@ -35,6 +35,8 @@ Patch2:         0003-don-t-screw-up-the-filenames.patch
 Patch3:         0004-Added-support-for-NFSv3-major-refactoring-fixed-bugs.patch
 # PATCH-FIX-UPSTREAM 0005-kio_sftp-Use-the-right-type-for-timeout_sec-and-time.patch
 Patch4:         0005-kio_sftp-Use-the-right-type-for-timeout_sec-and-time.patch
+# PATCH-FIX-UPSTREAM sanitize_path.patch
+Patch5:         sanitize_path.patch
 BuildRequires:  OpenEXR-devel
 BuildRequires:  karchive-devel
 BuildRequires:  kconfig-devel
@@ -84,6 +86,7 @@ Additional KIO-slaves for KDE applications.
 %patch2 -p1
 %patch3 -p1
 %patch4 -p1
+%patch5 -p1
 sed -i '/^add_subdirectory( doc )/d' CMakeLists.txt
 
 %build
diff --git a/sanitize_path.patch b/sanitize_path.patch
new file mode 100644
index 0000000..2d17527
--- /dev/null
+++ b/sanitize_path.patch
@@ -0,0 +1,31 @@
+From: Martin Sandsmark <martin.sandsmark@kde.org>
+Date: Thu, 13 Nov 2014 12:42:49 +0000
+Subject: Sanitize path
+X-Git-Url: http://quickgit.kde.org/?p=kio-extras.git&a=commitdiff&h=13155c8eb71d1c946bea21c38ea0f8ca7c7013cd
+---
+Sanitize path
+
+Reviewed at security@kde.org
+---
+
+
+--- a/bookmarks/kio_bookmarks.cpp
++++ b/bookmarks/kio_bookmarks.cpp
+@@ -22,6 +22,7 @@
+ #include <stdlib.h>
+ 
+ #include <qregexp.h>
++#include <qtextdocument.h>
+ #include <qurlquery.h>
+ 
+ #include <kapplication.h>
+@@ -198,7 +199,7 @@
+     echoImage(regexp.cap(1), regexp.cap(2), QUrlQuery(url).queryItemValue("size"));
+   } else {
+     echoHead();
+-    echo("<p class=\"message\">" + i18n("Wrong request: %1",path) + "</p>");
++    echo("<p class=\"message\">" + i18n("Wrong request: %1", Qt::escape(url.toDisplayString())) + "</p>");
+   }
+   finished();
+ }
+