diff --git a/proftpd-null_pointer.patch b/proftpd-null_pointer.patch
new file mode 100644
index 0000000..d2c7c77
--- /dev/null
+++ b/proftpd-null_pointer.patch
@@ -0,0 +1,37 @@
+# Mitigation CVE-2024-57392 / GHSA-cf42-x7h8-3v3q #1866
+# #1866: Some of the fuzzing tests submitted in the advisory ran into existing
+# null pointer dereferences (not buffer overflows); let's correct them.
+Index: modules/mod_ls.c
+===================================================================
+--- modules/mod_ls.c.orig
++++ modules/mod_ls.c
+@@ -2,7 +2,7 @@
+  * ProFTPD - FTP server daemon
+  * Copyright (c) 1997, 1998 Public Flood Software
+  * Copyright (c) 1999, 2000 MacGyver aka Habeeb J. Dihu <macgyver@tos.net>
+- * Copyright (c) 2001-2022 The ProFTPD Project
++ * Copyright (c) 2001-2025 The ProFTPD Project
+  *
+  * This program is free software; you can redistribute it and/or modify
+  * it under the terms of the GNU General Public License as published by
+@@ -360,7 +360,8 @@ static int sendline(int flags, char *fmt
+           errno != 0) {
+         int xerrno = errno;
+ 
+-        if (session.d != NULL) {
++        if (session.d != NULL &&
++            session.d->outstrm != NULL) {
+           xerrno = PR_NETIO_ERRNO(session.d->outstrm);
+         }
+ 
+@@ -1101,7 +1102,9 @@ static int outputfiles(cmd_rec *cmd) {
+     return res;
+   }
+ 
+-  tail->down = NULL;
++  if (tail != NULL) {  
++    tail->down = NULL;
++  }
+   tail = NULL;
+   colwidth = (colwidth | 7) + 1;
+   if (opt_l || !opt_C) {
diff --git a/proftpd.changes b/proftpd.changes
index c8c0cc1..591f5d0 100644
--- a/proftpd.changes
+++ b/proftpd.changes
@@ -1,3 +1,12 @@
+-------------------------------------------------------------------
+Thu Feb 20 09:05:57 UTC 2025 - chris@computersalat.de
+
+- fix for boo#1236889 (CVE-2024-57392)
+  https://github.com/proftpd/proftpd/issues/1866
+  Some of the fuzzing tests submitted in the advisory ran into existing null
+  pointer dereferences (not buffer overflows); let's correct them.
+- Add proftpd-null_pointer.patch
+
 -------------------------------------------------------------------
 Thu Jan  9 17:25:19 UTC 2025 - chris@computersalat.de
 
diff --git a/proftpd.spec b/proftpd.spec
index 2bb6052..b5331b7 100644
--- a/proftpd.spec
+++ b/proftpd.spec
@@ -60,6 +60,8 @@ Patch104:       %{name}-no_BuildDate.patch
 Patch105:       %{name}_env-script-interpreter.patch
 #openSUSE:Security_Features#Systemd_hardening_effort
 Patch106:       harden_proftpd.service.patch
+#PATCH-FIX-Upstream: Mitigation CVE-2024-57392 / GHSA-cf42-x7h8-3v3q #1866
+Patch200:       %{name}-null_pointer.patch
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 #BuildRequires:  gpg-offline
 BuildRequires:  cyrus-sasl-devel