diff --git a/CVE-2020-8955.patch b/CVE-2020-8955.patch
new file mode 100644
index 0000000..41d89df
--- /dev/null
+++ b/CVE-2020-8955.patch
@@ -0,0 +1,46 @@
+From 6f4f147d8e86adf9ad34a8ffd7e7f1f23a7e74da Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?S=C3=A9bastien=20Helleu?= <flashcode@flashtux.org>
+Date: Sat, 8 Feb 2020 20:24:50 +0100
+Subject: [PATCH] irc: fix crash when receiving a malformed message 324
+ (channel mode)
+
+Thanks to Stuart Nevans Locke for reporting the issue.
+---
+ ChangeLog.adoc             |  1 +
+ src/plugins/irc/irc-mode.c | 21 ++++++++++++---------
+ 2 files changed, 13 insertions(+), 9 deletions(-)
+
+diff --git a/src/plugins/irc/irc-mode.c b/src/plugins/irc/irc-mode.c
+index 2237a344b..e79f0deb7 100644
+--- a/src/plugins/irc/irc-mode.c
++++ b/src/plugins/irc/irc-mode.c
+@@ -224,17 +224,20 @@ irc_mode_channel_update (struct t_irc_server *server,
+                     current_arg++;
+                 if (pos[0] == chanmode)
+                 {
+-                    chanmode_found = 1;
+-                    if (set_flag == '+')
++                    if (!chanmode_found)
+                     {
+-                        str_mode[0] = pos[0];
+-                        str_mode[1] = '\0';
+-                        strcat (new_modes, str_mode);
+-                        if (argument)
++                        chanmode_found = 1;
++                        if (set_flag == '+')
+                         {
+-                            if (new_args[0])
+-                                strcat (new_args, " ");
+-                            strcat (new_args, argument);
++                            str_mode[0] = pos[0];
++                            str_mode[1] = '\0';
++                            strcat (new_modes, str_mode);
++                            if (argument)
++                            {
++                                if (new_args[0])
++                                    strcat (new_args, " ");
++                                strcat (new_args, argument);
++                            }
+                         }
+                     }
+                 }
diff --git a/weechat.changes b/weechat.changes
index c978397..7fe1422 100644
--- a/weechat.changes
+++ b/weechat.changes
@@ -1,3 +1,8 @@
+-------------------------------------------------------------------
+Mon Feb 17 12:43:01 UTC 2020 - Ondřej Súkup <mimi.vx@gmail.com>
+
+- fix boo#1163889 - CVE-2020-8955 , add patch CVE-2020-8955.patch
+
 -------------------------------------------------------------------
 Fri Jan 31 22:11:09 UTC 2020 - Maximilian Trummer <opensuse@trummer.xyz>
 
diff --git a/weechat.spec b/weechat.spec
index bc6d4f3..280cdb2 100644
--- a/weechat.spec
+++ b/weechat.spec
@@ -28,6 +28,7 @@ Source1:        weechat.desktop
 Source2:        %{name}.keyring
 Source3:        https://weechat.org/files/src/%{name}-%{version}.tar.xz.asc
 Source4:        %{name}.changes
+Patch0:         CVE-2020-8955.patch
 BuildRequires:  ca-certificates
 BuildRequires:  cmake
 BuildRequires:  curl-devel
@@ -126,6 +127,7 @@ Spell-checking support for %{name}, using the aspell and enchant libraries.
 
 %prep
 %setup -q
+%patch0 -p1
 modified="$(sed -n '/^----/n;s/ - .*$//;p;q' "%{SOURCE4}")"
 DATE="\"$(date -d "${modified}" "+%%b %%e %%Y")\""
 TIME="\"$(date -d "${modified}" "+%%R")\""
@@ -144,7 +146,7 @@ export CFLAGS="%{optflags}"
     -DENABLE_JAVASCRIPT=OFF \
     -DENABLE_PHP=OFF \
     -DCA_FILE=%{_sysconfdir}/ssl/ca-bundle.pem
-%make_jobs
+%cmake_build
 
 %install
 %cmake_install
@@ -154,8 +156,6 @@ install -D -m 0644 "%{SOURCE1}" "%{buildroot}%{_datadir}/applications/%{name}.de
 
 %find_lang "%{name}" --with-man
 
-
-
 %files
 %doc AUTHORS.adoc ChangeLog.adoc Contributing.adoc
 %doc README.adoc ReleaseNotes.adoc