diff --git a/maxwin99bug.patch b/maxwin99bug.patch
new file mode 100644
index 0000000..3296d27
--- /dev/null
+++ b/maxwin99bug.patch
@@ -0,0 +1,19 @@
+*** screen-4.0.2/window.c	Fri Dec  5 14:45:41 2003
+--- screen-4.0.2/window.c	Mon Jan 31 12:32:18 2011
+***************
+*** 1117,1123 ****
+  {
+    int pid;
+    char tebuf[25];
+!   char ebuf[10];
+    char shellbuf[7 + MAXPATHLEN];
+    char *proc;
+  #ifndef TIOCSWINSZ
+--- 1117,1123 ----
+  {
+    int pid;
+    char tebuf[25];
+!   char ebuf[25];	// WINDOW=%d needs to be at least 3 digit!
+    char shellbuf[7 + MAXPATHLEN];
+    char *proc;
+  #ifndef TIOCSWINSZ
diff --git a/screen.changes b/screen.changes
index f83d600..7bafa10 100644
--- a/screen.changes
+++ b/screen.changes
@@ -1,3 +1,10 @@
+-------------------------------------------------------------------
+Mon Jan 31 15:14:38 UTC 2011 - jw@novell.com
+
+- bugfix bnc#668306, a buffer overflow with '%d'.
+  Added maxwin99bug.patch
+  This is already upstream, but was never released.
+
 -------------------------------------------------------------------
 Fri Dec 10 19:40:12 UTC 2010 - jw@novell.com
 
diff --git a/screen.spec b/screen.spec
index 52b7e5e..3e3fec2 100644
--- a/screen.spec
+++ b/screen.spec
@@ -42,6 +42,7 @@ Patch4:         screen-man-loginshell.diff
 Patch5:         screen-4.0.3-ipv6.patch
 # upstream savannah#30880 
 Patch6:         term_too_long.diff
+Patch7:         maxwin99bug.patch
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 
 %description
@@ -59,6 +60,7 @@ Documentation: man page
 %patch4 -p1
 %patch5 -p1
 %patch6 -p1
+%patch7 -p1
 
 %build
 CFLAGS="-DMAXWIN=1000 $RPM_OPT_FLAGS" ./configure --prefix=/usr --infodir=%{_infodir} \