diff --git a/xine-lib-TKADV2009-004.diff b/xine-lib-TKADV2009-004.diff
new file mode 100644
index 0000000..670a1ec
--- /dev/null
+++ b/xine-lib-TKADV2009-004.diff
@@ -0,0 +1,15 @@
+Index: xine-lib-1.1.16.1/src/demuxers/demux_4xm.c
+===================================================================
+--- xine-lib-1.1.16.1.orig/src/demuxers/demux_4xm.c
++++ xine-lib-1.1.16.1/src/demuxers/demux_4xm.c
+@@ -190,6 +190,10 @@ static int open_fourxm_file(demux_fourxm
+ return 0;
+ }
+ const uint32_t current_track = _X_LE_32(&header[i + 8]);
++ if(current_track >= UINT_MAX / sizeof(audio_track_t) - 1){
++ free(header);
++ return 0;
++ }
+ if (current_track + 1 > fourxm->track_count) {
+ fourxm->track_count = current_track + 1;
+ fourxm->tracks = realloc(fourxm->tracks,
diff --git a/xine-lib.changes b/xine-lib.changes
index 45f3b92..603e681 100644
--- a/xine-lib.changes
+++ b/xine-lib.changes
@@ -1,3 +1,8 @@
+-------------------------------------------------------------------
+Tue Feb 10 16:45:05 CET 2009 - mhopf@suse.de
+
+- Security fix for 4xm demuxer (TKADV2009-004, bnc#473825)
+
 -------------------------------------------------------------------
 Tue Jan 27 19:27:37 CET 2009 - mhopf@suse.de
diff --git a/xine-lib.spec b/xine-lib.spec
index dd8e2ce..449b653 100644
--- a/xine-lib.spec
+++ b/xine-lib.spec
@@ -94,7 +94,7 @@ BuildRequires: DirectFB
 BuildRequires: libmodplug
 %endif
 Version: 1.1.16.1
-Release: 1
+Release: 2
 # XINE_MAJOR.XINE_LT_CURRENT in configure.ac
 %define abiversion 1.25
 # bug437293
@@ -116,6 +116,7 @@ Source99: precheckin_cripple_tarball.sh
 # *** xine-lib: Bugfixes
 Patch26: xine-lib-doc-fix-X11R6.diff
 Patch28: xine-lib-1.1.14-ia64-is-not-alpha.diff
+Patch29: xine-lib-TKADV2009-004.diff
 # *** Addons
 Patch50: vdr-xine-0.8.2.diff.bz2
 Patch51: vdr-xine-SUSE.diff
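Review bot: In the demux_4xm.c hunk embedded in xine-lib-TKADV2009-004.diff, the added guard only rules out wrap-around of the size computation, so a track index read from the file can still sit just under `UINT_MAX / sizeof(audio_track_t)` and make the following `realloc` request close to UINT_MAX bytes. The `realloc` result is assigned straight back to `fourxm->tracks` and the hunk ends on that line, so confirm that the code after the hunk handles a NULL return (and does not lose the old array) before the new track entry is written. The new early return frees `header` only; whether an already allocated `fourxm->tracks` is released by the caller on this path is not visible here and should be checked. The condition also relies on `/` binding before `-` and on `UINT_MAX` being declared: writing it as `if (current_track >= (UINT_MAX / sizeof(audio_track_t)) - 1) {` and confirming `<limits.h>` is included would make both explicit. open_fourxm_file starts and ends outside the hunk.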
@@ -462,6 +463,7 @@ fi
 cd xine-lib-%{version}
 %patch26
 %patch28 -p1
+%patch29 -p1
 %patch50 -p1
 %patch51 -p1
 sed -i 's|^noinst_HEADERS = input_vdr.h|xineinclude_HEADERS = input_vdr.h|' src/vdr/Makefile.am
@@ -803,6 +805,8 @@ rm -rf %{buildroot}
 %endif
 %changelog
+* Tue Feb 10 2009 mhopf@suse.de
+- Security fix for 4xm demuxer (TKADV2009-004, bnc#473825)
 * Tue Jan 27 2009 mhopf@suse.de
 - Update to 1.1.16.1:
 * Security fixes: