diff --git a/qt-x11-opensource-src-4.5.2-CVE-2009-1725.patch b/qt-x11-opensource-src-4.5.2-CVE-2009-1725.patch
new file mode 100644
index 0000000..0ad9224
--- /dev/null
+++ b/qt-x11-opensource-src-4.5.2-CVE-2009-1725.patch
@@ -0,0 +1,25 @@
+diff -up qt-x11-opensource-src-4.5.2/src/3rdparty/webkit/WebCore/html/HTMLTokenizer.cpp.orig qt-x11-opensource-src-4.5.2/src/3rdparty/webkit/WebCore/html/HTMLTokenizer.cpp
+--- qt-x11-opensource-src-4.5.2/src/3rdparty/webkit/WebCore/html/HTMLTokenizer.cpp.orig 2009-08-18 12:28:26.000000000 +0200
++++ qt-x11-opensource-src-4.5.2/src/3rdparty/webkit/WebCore/html/HTMLTokenizer.cpp 2009-08-18 12:33:43.000000000 +0200
+@@ -867,7 +867,9 @@ HTMLTokenizer::State HTMLTokenizer::pars
+ }
+ } else {
+ // FIXME: We should eventually colorize entities by sending them as a special token.
+- checkBuffer(11);
++ // 12 bytes required: up to 10 bytes in m_cBuffer plus the
++ // leading '&' and trailing ';'
++ checkBuffer(12);
+ *dest++ = '&';
+ for (unsigned i = 0; i < cBufferPos; i++)
+ dest[i] = m_cBuffer[i];
+@@ -878,7 +880,9 @@ HTMLTokenizer::State HTMLTokenizer::pars
+ }
+ }
+ } else {
+- checkBuffer(10);
++ // 11 bytes required: up to 10 bytes in m_cBuffer plus the
++ // leading '&'
++ checkBuffer(11);
+ // ignore the sequence, add it to the buffer as plaintext
+ *dest++ = '&';
+ for (unsigned i = 0; i < cBufferPos; i++)
diff --git a/qt.spec b/qt.spec
index 24e3271..f4ed034 100644
--- a/qt.spec
+++ b/qt.spec
@@ -12,7 +12,7 @@ Epoch: 1
 Name: qt4
 %endif
 Version: 4.5.2
-Release: 8%{?dist}
+Release: 9%{?dist}
 # See LGPL_EXCEPTIONS.txt, LICENSE.GPL3, respectively, for exception details
 License: LGPLv2 with exceptions or GPLv3 with exceptions
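Review bot: Both `checkBuffer(12)` and `checkBuffer(11)` in the added HTMLTokenizer.cpp patch still hard-code a reservation that is derived by hand from the largest value `cBufferPos` can take, which is the same pattern that produced the off-by-one being fixed here. The limit of 10 on `cBufferPos` is stated only in the new comments and is enforced outside the visible hunks, so a later change to that limit would silently bring back the overrun of `dest`. Consider sizing the reservation from the actual copy length, `checkBuffer(cBufferPos + 2);` in the first hunk and `checkBuffer(cBufferPos + 1);` in the second, or at least asserting `cBufferPos <= 10` beside each call. The comments also say "bytes", while the reservation appears to be counted in buffer elements; "characters" would be more accurate if `dest` holds 16-bit units, which is not visible here. The enclosing function (truncated in the hunk header as `HTMLTokenizer::pars`) starts and ends outside both hunks.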
@@ -71,6 +71,10 @@ Patch0288: 0288-more-x-keycodes.patch
 # http://qt.gitorious.org/+kde-developers/qt/kde-qt/commits/4.5.2-patched
 # once they actually contain all the patches from qt-copy (0283 and 0285 are
 # AWOL, 0274 got incorrectly ported to 4.5.2 (one hunk missing))
+
+# security patches
+Patch100: qt-x11-opensource-src-4.5.2-CVE-2009-1725.patch
+
 %define qt_copy 20090626
 Source1: qt-copy-patches-svn_checkout.sh
 %{?qt_copy:Source2: qt-copy-patches-%{qt_copy}svn.tar.bz2}
@@ -406,6 +410,9 @@ popd
 %patch54 -p1 -b .mysql_config
 %patch55 -p1 -b .timestamp
+# security fixes
+%patch100 -p1 -b .CVE-2009-1725
+
 %patch287 -p1 -b .287-qmenu-respect-minwidth
 %patch0288 -p1 -b .0288-more-x-keycodes
@@ -931,6 +938,9 @@ fi
 %{_datadir}/icons/hicolor/*/apps/qt4-logo.*
 %changelog
+* Tue Aug 18 2009 Than Ngo - 4.5.2-9
+- security fix for CVE-2009-1725 (bz#513813)
+
 * Sun Aug 16 2009 Than Ngo - 4.5.2-8
 - fix phonon-backend-gstreamer for using pulsaudio (#513421)
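Review bot: The `Patch100:` entry added to qt.spec is annotated only with `# security patches`, so the spec itself does not record which issue the patch addresses or when it can be dropped. Because it modifies the bundled copy under `src/3rdparty/webkit`, a comment above `Patch100:` such as `# CVE-2009-1725 (bz#513813): HTMLTokenizer buffer reservation fix in bundled WebKit; drop once the bundled sources include it` would let the next rebase confirm the fix is present before the patch is removed.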