diff --git a/konversation-1.0.1-dcop-newline-removal.patch b/konversation-1.0.1-dcop-newline-removal.patch
new file mode 100644
index 0000000..f881b4f
--- /dev/null
+++ b/konversation-1.0.1-dcop-newline-removal.patch
@@ -0,0 +1,29 @@
+diff -ru konversation-old/konversation/src/konvdcop.cpp konversation-new/konversation/src/konvdcop.cpp
+--- konversation-old/konversation/src/konvdcop.cpp 2006-10-06 18:43:29.000000000 +0200
++++ konversation-new/konversation/src/konvdcop.cpp 2008-04-09 17:36:38.000000000 +0200
+@@ -82,15 +82,23 @@
+ emit dcopMultiServerRaw("me " + message);
+ }
+
+-void KonvDCOP::say(const QString& server,const QString& target,const QString& command)
++void KonvDCOP::say(const QString& _server,const QString& _target,const QString& _command)
+ {
++ //Sadly, copy on write doesn't exist with QString::replace
++ QString server(_server), target(_target), command(_command);
++
+ // TODO: this just masks a greater problem - Server::addQuery will return a query for '' --argonel
+ // TODO: other DCOP calls need argument checking too --argonel
+ if (server.isEmpty() || target.isEmpty() || command.isEmpty())
+ kdDebug() << "KonvDCOP::say() requires 3 arguments." << endl;
+ else
+ {
+- kdDebug() << "KonvDCOP::say()" << endl;
++ command.replace('\n',"\\n");
++ command.replace('\r',"\\r");
++ target.remove('\n');
++ target.remove('\r');
++ server.remove('\n');
++ server.remove('\r');
+ // Act as if the user typed it
+ emit dcopSay(server,target,command);
+ }
diff --git a/konversation.spec b/konversation.spec
index b755480..6128fb8 100644
--- a/konversation.spec
+++ b/konversation.spec
@@ -1,6 +1,6 @@
 Name: konversation
 Version: 1.0.1
-Release: 5%{?dist}
+Release: 6%{?dist}
 Summary: Konversation is a user friendly IRC client for KDE
 Group: Applications/Internet
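Review bot: In the patched `KonvDCOP::say()` (the konvdcop.cpp hunk carried by the new patch file), the emptiness test runs on the unsanitised copies, so a `target` or `server` made up only of CR/LF characters passes `isEmpty()` and is then stripped to an empty string inside the `else` branch before `emit dcopSay(server,target,command);`; that is the empty-target case the TODO above the check says `Server::addQuery` handles badly. Moving the six `replace`/`remove` calls up to directly after `QString server(_server), target(_target), command(_command);`, ahead of the `if`, would make the check see the values that are actually emitted. The context line `emit dcopMultiServerRaw("me " + message);` at the top of the hunk forwards `message` with no CR/LF handling, and the existing TODO already says other DCOP calls need argument checking, so the same filter is probably needed there; those functions lie outside this hunk and could not be checked. Because the konversation.spec change in this same diff drops the `rm -f ... scripts/media` workaround marked `# CVE-2007-4400`, this filter appears to be the only remaining guard in the package, which makes the ordering worth fixing before release. The closing brace of `say()` is outside the hunk.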
@@ -8,6 +8,7 @@ License: GPLv2+
 URL: http://konversation.kde.org
 Source0: http://download.berlios.de/konversation/konversation-%{version}.tar.bz2
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
+Patch0: konversation-1.0.1-dcop-newline-removal.patch
 BuildRequires: desktop-file-utils
@@ -31,6 +32,7 @@ to chat windows; configurable background colors and much more
 %prep
 %setup -q
+%patch0 -p1 -b .dcop
 %build
 unset QTDIR || : ; . /etc/profile.d/qt.sh
@@ -54,9 +56,6 @@ desktop-file-install \
 --delete-original \
 $RPM_BUILD_ROOT%{_datadir}/applications/kde/konversation.desktop
-# CVE-2007-4400
-rm -f $RPM_BUILD_ROOT%{_datadir}/apps/konversation/scripts/media
-
 ## File lists
 # locale's
 %find_lang %{name} || touch %{name}.lang
@@ -99,6 +98,10 @@ touch --no-create %{_datadir}/icons/crystalsvg || :
 %changelog
+* Wed Apr 09 2008 Dennis Gilmore - 1.0.1-6
+- apply patch from upstream handling CVE-2007-4400 correctly
+- reenable media script
+
 * Mon Mar 10 2008 Rex Dieter - 1.0.1-5
 - drop Requires: kdebase3 (#435873)
 - f9+: dfi vendor fedora -> kde