diff --git a/htmldoc.changes b/htmldoc.changes
index 8649e6a..4cf6867 100644
--- a/htmldoc.changes
+++ b/htmldoc.changes
@@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Fri Dec 11 15:27:38 CET 2009 - lmuelle@suse.de
+
+- Fix buffer overflow in the set_page_size function; CVE-2009-3050;
+ (bnc#535943).
+
-------------------------------------------------------------------
Thu Aug 3 12:57:27 CEST 2006 - lmuelle@suse.de
diff --git a/htmldoc.spec b/htmldoc.spec
index 544a60b..50873e4 100644
--- a/htmldoc.spec
+++ b/htmldoc.spec
@@ -1,7 +1,7 @@
#
# spec file for package htmldoc (Version 1.8.27)
#
-# Copyright (c) 2009 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -20,15 +20,16 @@
Name: htmldoc
BuildRequires: fltk-devel freeglut-devel gcc-c++ libdrm-devel libjpeg-devel libpng-devel openssl-devel
-License: LGPL v2.1 or later
+License: LGPLv2.1+
Group: Productivity/Publishing/HTML/Tools
Url: http://htmldoc.org/
AutoReqProv: on
Version: 1.8.27
-Release: 171
+Release: 172
Summary: HTML Processor that Generates HTML, PostScript, and PDF Files
Source: %{name}-%{version}-source.tar.bz2
Patch: %{name}-docpath.diff
+Patch1: htmldoc_CVE-2009-3050_535943.diff
BuildRoot: %{_tmppath}/%{name}-%{version}-build
%define DOCDIR %{_datadir}/doc/packages/%{name}
@@ -46,6 +47,7 @@ Authors:
%prep
%setup
%patch
+%patch1 -p1
%build
%{?suse_update_config:%{suse_update_config -f}}
@@ -70,6 +72,7 @@ make \
prefix=${RPM_BUILD_ROOT}/%{_usr} \
mandir=${RPM_BUILD_ROOT}/%{_mandir} \
install
+rm -v doc/Makefile
%files
%defattr(-,root,root)
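Review bot: The added `rm -v doc/Makefile` after the `make ... install` step has no comment saying why the file is removed, and the new changelog entry does not mention it even though it is unrelated to the CVE fix. Presumably it keeps the build Makefile out of the `doc/` tree that the files list packages; a line such as `# drop the build Makefile so it is not shipped with the doc/ directory` above it would make that explicit. Without `-f` the build stops if a later source tarball no longer contains that file, which may or may not be intended. The install section starts before this hunk, so the surrounding steps are not visible here.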
@@ -79,94 +82,3 @@ install
%doc doc/ cgi-bin/ CHANGES.txt COMPILE.txt COPYING.txt README.txt
%changelog
-* Thu Aug 03 2006 lmuelle@suse.de
-- Update to version 1.8.27.
- + Fixed a crash bug that appeared when more than 10 blank
- pages were present in a document (PR #6223)
- + Color changes were not reflected in PRE text (STR #129)
- + Remote URLs did not always work on older operating
- systems (PR #6179)
- + Image filenames using %% escapes were not decoded
- properly.
- + Rows using BGCOLOR that spanned across multiple pages
- did not render properly (PR #6149)
- + Rows no longer start on a new page due to a cell with
- both HEIGHT and ROWSPAN specified (PR #6086)
- + CMYK JPEG images caused HTMLDOC to crash (PR #6106)
- + Table cell width calculations didn't always account for
- the proper minimum width (STR #121)
- + Images were not copied when generating indexed HTML
- output to a directory (STR #117)
- + Changing the bottom margin resulted in text that was
- formatted below the bottom margin.
- + The Monospace-Oblique font was not embedded properly in
- PDF files.
- + Outline and keyword strings in PDF files are now stored
- as Unicode (STR #113)
- + The Flate compression code could get in an infinite
- loop if it ran out of memory (STR #101)
- + Book files saved from the GUI did not handle filenames
- with spaces (STR #105)
- + Fixed and re-enabled the ASCII85Device filter support
- in PostScript Level 2/3 output (STR #116)
- + Character entities in the first word of a file were not
- rendered properly (STR #111)
- + Fixed-size table columns were incorrectly resized when
- a table width was also specified and there was extra
- space to distribute (PR #6062)
- + Text could "walk" up or down when in-line images were
- used (PR #6034)
- + Row backgrounds incorrectly replaced cell backgrounds
- when the first cell in a row used ROWSPAN (PR #6033, PR
- [#6036])
- + HTMLDOC did not correctly parse FONT FACE attributes
- (PR #6006)
- + Images in Level 2/3 PostScript output did not work on
- some printers (PR #6000)
- + The GUI did not use the first page header (PR #5978)
-* Wed Jan 25 2006 mls@suse.de
-- converted neededforbuild to BuildRequires
-* Tue Nov 22 2005 lmuelle@suse.de
-- Update to version 1.8.25.
-* Wed Dec 08 2004 lmuelle@suse.de
-- Update to version 1.8.24; [#43261].
-* Mon May 17 2004 lmuelle@suse.de
-- Add -fno-strict-aliasing to CFLAGS.
-* Mon Mar 22 2004 ro@suse.de
-- removed .orig file
-* Sat Jan 10 2004 adrian@suse.de
-- add %%defattr
-* Mon Feb 24 2003 gd@suse.de
-- update to version 1.8.23
-* Fri Aug 16 2002 ro@suse.de
-- removed empty post/postun scripts (#17875) (again)
-* Fri Aug 16 2002 gd@suse.de
-- update to version 1.8.21
-* Tue Aug 13 2002 ro@suse.de
-- fix compilation with new fltk
-* Thu Jul 04 2002 gd@suse.de
-- update to version 1.8.20
-- added diff to correct DOCDIR-path and missing fonts
-- cleanups (%%files, %%{_mandir})
-* Tue Feb 05 2002 gd@suse.de
-- added libpng to neededforbuild
-* Mon Feb 04 2002 gd@suse.de
-- update to version 1.8.18
-- the gui finally compiles with fltk-1.1.0b10
-- added libjpeg to neededforbuild
-* Thu Dec 06 2001 schwab@suse.de
-- Fix fltk configuration.
-* Thu Dec 06 2001 gd@suse.de
-- fixed buildroot again
-* Thu Dec 06 2001 ro@suse.de
-- fixed format of changes file (again)
-* Tue Dec 04 2001 gd@suse.de
-- added FLTKCONFIG-path
-- fixed neededforbuild
-- fixed buildroot
-* Mon Dec 03 2001 gd@suse.de
-- fixed needeforbuild
-* Mon Nov 26 2001 gd@suse.de
-- update to 1.8.16
-* Sat Oct 06 2001 gd@suse.de
-- start
diff --git a/htmldoc_CVE-2009-3050_535943.diff b/htmldoc_CVE-2009-3050_535943.diff
new file mode 100644
index 0000000..a93e72d
--- /dev/null
+++ b/htmldoc_CVE-2009-3050_535943.diff
@@ -0,0 +1,41 @@
+Fix several insecure calls to sscanf(), bug 278186.
+
+Index: htmldoc-1.8.27/htmldoc/htmllib.cxx
+===================================================================
+--- htmldoc-1.8.27.orig/htmldoc/htmllib.cxx
++++ htmldoc-1.8.27/htmldoc/htmllib.cxx
+@@ -2139,7 +2139,7 @@ htmlLoadFontWidths(void)
+ * assigned charset...
+ */
+
+- if (sscanf(line, "%*s%*s%*s%*s%f%*s%*s%s", &width, glyph) != 2)
++ if (sscanf(line, "%*s%*s%*s%*s%f%*s%*s%63s", &width, glyph) != 2)
+ continue;
+
+ for (ch = 0; ch < 256; ch ++)
+Index: htmldoc-1.8.27/htmldoc/ps-pdf.cxx
+===================================================================
+--- htmldoc-1.8.27.orig/htmldoc/ps-pdf.cxx
++++ htmldoc-1.8.27/htmldoc/ps-pdf.cxx
+@@ -12512,7 +12512,7 @@ write_type1(FILE *out, /* I - Fil
+ * assigned charset...
+ */
+
+- if (sscanf(line, "%*s%*s%*s%*s%d%*s%*s%s", &width, glyph) != 2)
++ if (sscanf(line, "%*s%*s%*s%*s%d%*s%*s%63s", &width, glyph) != 2)
+ continue;
+
+ for (ch = 0; ch < 256; ch ++)
+Index: htmldoc-1.8.27/htmldoc/util.cxx
+===================================================================
+--- htmldoc-1.8.27.orig/htmldoc/util.cxx
++++ htmldoc-1.8.27/htmldoc/util.cxx
+@@ -484,7 +484,7 @@ set_page_size(const char *size) /* I - P
+ PageWidth = 595;
+ PageLength = 792;
+ }
+- else if (sscanf(size, "%fx%f%s", &width, &length, units) >= 2)
++ else if (sscanf(size, "%fx%f%254s", &width, &length, units) >= 2)
+ {
+ /*
+ * Custom size...
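Review bot: The new field widths in the embedded patch are bare constants: `%63s` for `glyph` in htmlLoadFontWidths and write_type1, and `%254s` for `units` in set_page_size. The declarations of both buffers lie outside the embedded hunks, so the bound cannot be checked from here; each width has to equal the array size minus one to leave room for the terminating NUL. I would add a comment at each call, e.g. `/* width 254 == sizeof(units) - 1, keep in sync with the declaration */`, after confirming the sizes against the source. In set_page_size the branch is still taken when sscanf returns 2, in which case `units` is never written; the code that reads it is past the end of the hunk, so please confirm `units` is initialised (for example `units[0] = '\0';` before the call). The patch header cites bug 278186 while the changelog entry cites bnc#535943 and names only set_page_size, so both should list all three functions and the same references.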