diff --git a/CVE-2012-0390.patch b/CVE-2012-0390.patch
new file mode 100644
index 0000000..5e5ba12
--- /dev/null
+++ b/CVE-2012-0390.patch
@@ -0,0 +1,18 @@
+Index: gnutls-3.0.3/lib/gnutls_cipher.c
+===================================================================
+--- gnutls-3.0.3.orig/lib/gnutls_cipher.c
++++ gnutls-3.0.3/lib/gnutls_cipher.c
+@@ -559,7 +559,12 @@ ciphertext_to_compressed (gnutls_session
+ }
+
+ if (length < 0)
+- length = 0;
++ {
++ /* Setting a proper length to prevent timing differences in
++ * processing of records with invalid encryption.
++ */
++ length = ciphertext->size - tag_size;
++ }
+
+ /* Pass the type, version, length and compressed through
+ * MAC.
diff --git a/gnutls.changes b/gnutls.changes
index 642a3f6..565964c 100644
--- a/gnutls.changes
+++ b/gnutls.changes
@@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Mon Feb 13 06:09:57 UTC 2012 - gjhe@suse.com
+
+- fix Bug[bnc#739898] - VUL-1: CVE-2012-0390: GnuTLS DTLS plaintext
+ recovery attack.
+
 -------------------------------------------------------------------
 Wed Nov 30 12:43:57 UTC 2011 - vuntz@opensuse.org
 
diff --git a/gnutls.spec b/gnutls.spec
index a48c534..c4b16c9 100644
--- a/gnutls.spec
+++ b/gnutls.spec
@@ -1,7 +1,7 @@
 #
 # spec file for package gnutls
 #
-# Copyright (c) 2011 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2012 SUSE LINUX Products GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -35,6 +35,7 @@ Patch0: gnutls-fix-compression.patch
 # PATCH-FIX-UPSTREAM gnutls-fix-crash-on-strcat.patch bnc#724421 vuntz@opensuse.org -- Fix a crash because of badly used strcat, sent upstream by mail on 2011-10-17
 Patch1: gnutls-fix-crash-on-strcat.patch
 Patch2: CVE-2011-4128.patch
+Patch3: CVE-2012-0390.patch
 BuildRequires: automake
 BuildRequires: gcc-c++
 BuildRequires: libnettle-devel >= 2.2
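Review bot: The fallback `length = ciphertext->size - tag_size;` in the new patch is only a usable MAC input length if `ciphertext_to_compressed` has already established that the record is at least `tag_size` bytes long; that check is not visible in this hunk, and since the types of `ciphertext->size` and `tag_size` are not visible either, an unchecked subtraction could yield a wrapped or negative value and undo the point of the branch. If the check lives earlier in the function, the comment should say so, and it should also explain the choice of value rather than only the goal, e.g. `/* Derive the length from the record size (size already checked against tag_size above) so the MAC computation below does the same work as for a correctly padded record. */`. The patch file itself carries no provenance beyond the `Index:` line; a leading header naming the upstream fix and the bug, such as `Upstream: <UPSTREAM_COMMIT_ID>` and `References: bnc#739898 CVE-2012-0390`, would make it easier to drop at the next rebase. `ciphertext_to_compressed` begins and ends outside the hunk.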
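Review bot: `Patch3: CVE-2012-0390.patch` in the `@@ -35,6 +35,7 @@` hunk is added without the descriptor comment that Patch1 carries two lines above it, so the spec no longer records where this patch comes from or which bug it addresses. Suggest adding `# PATCH-FIX-UPSTREAM CVE-2012-0390.patch bnc#739898 gjhe@suse.com -- Fix DTLS plaintext recovery attack (CVE-2012-0390)` directly above the new line, using `PATCH-FIX-OPENSUSE` instead if the fix is not the upstream change. The bug number and description are taken from the gnutls.changes entry in this commit.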
@@ -158,6 +159,7 @@ implements the proposed standards of the IETF's TLS working group.
 %patch0 -p1
 %patch1 -p1
 %patch2 -p1
+%patch3 -p1
 
 %build
 %configure \