diff --git a/CVE-2010-2939.patch b/CVE-2010-2939.patch
new file mode 100644
index 0000000..bfa79f5
--- /dev/null
+++ b/CVE-2010-2939.patch
@@ -0,0 +1,12 @@
+Index: openssl-1.0.0/ssl/s3_clnt.c
+===================================================================
+--- openssl-1.0.0.orig/ssl/s3_clnt.c
++++ openssl-1.0.0/ssl/s3_clnt.c
+@@ -1508,6 +1508,7 @@ int ssl3_get_key_exchange(SSL *s)
+ s->session->sess_cert->peer_ecdh_tmp=ecdh;
+ ecdh=NULL;
+ BN_CTX_free(bn_ctx);
++ bn_ctx=NULL;
+ EC_POINT_free(srvr_ecpoint);
+ srvr_ecpoint = NULL;
+ }
diff --git a/openssl.changes b/openssl.changes
index f8ab3b2..1416250 100644
--- a/openssl.changes
+++ b/openssl.changes
@@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Sat Sep 25 08:55:02 UTC 2010 - gjhe@novell.com
+
+- fix bug [bnc#629905]
+ CVE-2010-2939
+
 -------------------------------------------------------------------
 Wed Jul 28 20:55:18 UTC 2010 - cristian.rodriguez@opensuse.org
diff --git a/openssl.spec b/openssl.spec
index b1442d5..64755f2 100644
--- a/openssl.spec
+++ b/openssl.spec
@@ -32,7 +32,7 @@ Obsoletes: openssl-64bit
 %endif
 #
 Version: 1.0.0
-Release: 9
+Release: 10
 Summary: Secure Sockets and Transport Layer Security
 Url: http://www.openssl.org/
 Source: http://www.%{name}.org/source/%{name}-%{version}.tar.bz2
@@ -45,6 +45,7 @@ Patch1: openssl-1.0.0-c_rehash-compat.diff
 Patch2: bug610223.patch
 Patch3: CVE-2010-1633_and_CVE-2010-0742.patch
 Patch4: patchset-19727.diff
+Patch5: CVE-2010-2939.patch
 BuildRoot: %{_tmppath}/%{name}-%{version}-build
 %description
@@ -176,6 +177,7 @@ Authors:
 %patch2 -p1
 %patch3 -p1
 %patch4 -p1
+%patch5 -p1
 cp -p %{S:10} .
 echo "adding/overwriting some entries in the 'table' hash in Configure"
 # $dso_scheme:$shared_target:$shared_cflag:$shared_ldflag:$shared_extension:$ranlib:$arflags
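Review bot: The new CVE-2010-2939.patch has no preamble saying what it fixes or where it came from; the CVE id in the file name is the only description. I would add a short header above `Index:`, for example `Clear bn_ctx after BN_CTX_free() in the ECDH branch of ssl3_get_key_exchange() so a later cleanup cannot free it a second time (CVE-2010-2939, bnc#629905). Upstream reference: <UPSTREAM_COMMIT_OR_URL>`. The inner hunk shows only the success path of that branch, where `ecdh` and `srvr_ecpoint` are already reset after being handed over or freed. The function's error-exit cleanup lies outside the hunk, so it is presumably that path that would free `bn_ctx` again. It is worth confirming against the full function that no other exit leaves `bn_ctx` freed but non-NULL.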