diff --git a/expat-CVE-2009-2625.patch b/expat-CVE-2009-2625.patch index f1de4ee..71ef4c1 100644 --- a/expat-CVE-2009-2625.patch +++ b/expat-CVE-2009-2625.patch @@ -1,8 +1,10 @@ http://expat.cvs.sourceforge.net/viewvc/expat/expat/lib/xmltok_impl.c?r1=1.13&r2=1.15 ---- lib/xmltok_impl.c +Index: lib/xmltok_impl.c +=================================================================== +--- lib/xmltok_impl.c.orig +++ lib/xmltok_impl.c -@@ -1744,7 +1744,7 @@ +@@ -1744,7 +1744,7 @@ PREFIX(updatePosition)(const ENCODING *e const char *end, POSITION *pos) { diff --git a/expat-CVE-2009-3560.patch b/expat-CVE-2009-3560.patch new file mode 100644 index 0000000..13a0cdd --- /dev/null +++ b/expat-CVE-2009-3560.patch @@ -0,0 +1,14 @@ +http://expat.cvs.sourceforge.net/viewvc/expat/expat/lib/xmlparse.c?r1=1.164&r2=1.165 + +Index: lib/xmlparse.c +=================================================================== +--- lib/xmlparse.c.orig ++++ lib/xmlparse.c +@@ -3725,7 +3725,6 @@ doProlog(XML_Parser parser, + return XML_ERROR_NO_ELEMENTS; + default: + tok = -tok; +- next = end; + break; + } + } diff --git a/expat.changes b/expat.changes index 115a824..77c1760 100644 --- a/expat.changes +++ b/expat.changes @@ -1,3 +1,8 @@ +------------------------------------------------------------------- +Fri Dec 4 15:43:29 CET 2009 - prusnak@suse.cz + +- fix DoS (CVE-2009-3560.patch) [bnc#558892] + ------------------------------------------------------------------- Thu Oct 29 14:22:47 CET 2009 - prusnak@suse.cz diff --git a/expat.spec b/expat.spec index edb9891..81df7d2 100644 --- a/expat.spec +++ b/expat.spec @@ -20,7 +20,7 @@ Name: expat Version: 2.0.1 -Release: 91 +Release: 92 Group: Development/Libraries/C and C++ License: MIT License (or similar) Url: http://expat.sourceforge.net/ 
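Review bot: The new expat-CVE-2009-3560.patch carries only the upstream ViewVC URL, so nothing in the package explains why dropping `next = end;` from the `default:` branch in doProlog is the security fix. Add a short header above `Index: lib/xmlparse.c`, for example `Fix for CVE-2009-3560 (bnc#558892): stop forcing next to end in the default token branch of doProlog; upstream xmlparse.c r1.164 -> r1.165`, so the patch stays auditable if the sourceforge link goes away. The embedded hunk shows only seven lines of doProlog, and the function starts and ends outside it, so it cannot be checked from here whether later code relied on `next` being equal to `end` after this branch. Presumably the upstream revision accounts for that, but running the expat test suite during the package build would confirm the parser still behaves as before on well-formed input.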
@@ -33,6 +33,7 @@ Summary: XML Parser Toolkit Source0: %{name}-%{version}.tar.bz2 Source1: %{name}faq.html Patch0: %{name}-CVE-2009-2625.patch +Patch1: %{name}-CVE-2009-3560.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRequires: gcc-c++ @@ -142,6 +143,7 @@ Authors: %prep %setup -q %patch0 +%patch1 cp %{S:1} . rm -f examples/*.dsp