diff --git a/logwatch-secure.patch b/logwatch-secure.patch
new file mode 100644
index 0000000..a7296ef
--- /dev/null
+++ b/logwatch-secure.patch
@@ -0,0 +1,48 @@
+--- logwatch-svn110-dist/scripts/services/secure 2012-09-27 10:01:34.178205179 +0200
++++ logwatch-svn110-new/scripts/services/secure 2012-09-27 10:38:06.128565662 +0200
+@@ -198,7 +198,7 @@
+ #Woody - specific, thanks to Michael Stovenour
+ if ($ThisLine =~ /^PAM_unix[\[\]0-9]*:/i ) { next; }
+
+- if (( $ThisLine =~ /pam_succeed_if(\([a-zA-Z]*:[a-zA-Z]*\))?: requirement \"uid < 100\" (was|not) met by user /) or
++ if (( $ThisLine =~ /pam_succeed_if(\([a-zA-Z]*:[a-zA-Z]*\))?: requirement \"uid (<|>)=? 1000?\" (was|not) met by user /) or
+ ( $ThisLine =~ /pam_rhosts_auth\[\d+\]: allowed to [^ ]+ as \w+/) or
+ ( $ThisLine =~ /pam_rhosts_auth\([^\)]+\): allowed to [^ ]+ as \w+/) or
+ ( $ThisLine =~ /^(.*)\(pam_unix\)/) or
+@@ -226,6 +226,8 @@
+ ( $ThisLine =~ /^sshd\(\w+\)\[\d+\]: authentication failure/) or
+ ( $ThisLine =~ /^sshd\(\w+\)\[\d+\]: check pass; user unknown/) or
+ ( $ThisLine =~ /^sshd\(\w+\)\[\d+\]: session /) or
++ ( $ThisLine =~ /sshd\[\d+\]: Server listening on/) or
++ ( $ThisLine =~ /sshd\[\d+\]: Received signal \d+; terminating/) or
+ ( $ThisLine =~ /^ipop3d\[\d+\]:/) or
+ ( $ThisLine =~ /^su\[\d+\]: [+-] .+/) or
+ ( $ThisLine =~ /^su\[\d+\]: FAILED su for \S+ by \S+/) or #debian: done in pam_unix
+@@ -233,6 +235,8 @@
+ ( $ThisLine =~ /^login\[\d+\]: FAILED LOGIN \(\d+\) on ['`]\S+' FOR `\S+', (Authentication failure|User not known to the underlying authentication module)/) or #debian: done in pam_unix
+ ( $ThisLine =~ /^login: FAILED LOGIN 2 FROM (.*) FOR .*, (Authentication failure|User not known to the underlying authentication module)/) or
+ ( $ThisLine =~ /^login: pam_securetty(.*): unexpected response from failed conversation function/) or
++ ( $ThisLine =~ /^login: pam_securetty(.*): access denied: tty '.*' is not secure/) or
++ ( $ThisLine =~ /^login: pam_securetty(.*): cannot determine username/) or
+ ( $ThisLine =~ /^pam_limits\[\d+\]/ ) or
+ ( $ThisLine =~ /^kcheckpass(\[\d+\]|):/ ) or # done in pam_unix
+ ( $ThisLine =~ /^cyrus\/lmtpd\[\d+\]: [^ ]+ server step [12]/ ) or
+@@ -261,7 +265,8 @@
+ ( $ThisLine =~ /polkit-grant-helper\[\d+\]: granted authorization for [^ ]* to session .* \[uid=[0-9]*\]/) or
+ ( $ThisLine =~ /polkit-grant-helper-pam\[\d+\]: pam_thinkfinger\(polkit:auth\): conversation failed/) or
+ ( $ThisLine =~ /polkitd\(authority=.*\): (Unr|R)egistered Authentication Agent/) or
+- ( $ThisLine =~ /(gdm-session-worker|gdm-password)\[\d+\]: gkr-pam: no password is available for user/) or
++ ( $ThisLine =~ /polkitd\(authority=.*\): Operator of unix-session:/) or
++ ( $ThisLine =~ /(gdm-session-worker|gdm-password|gnome-screensaver-dialog)\[\d+\]: gkr-pam: no password is available for user/) or
+ ( $ThisLine =~ /gkr-pam: the password for the login keyring was invalid/) or
+ ( $ThisLine =~ /groupadd\[\d+\]: group added to /) or # Details in other messages
+ ( $ThisLine =~ /groupmod\[\d+\]: group changed in \/etc\/gshadow /) or # Details in other messages
+@@ -360,7 +365,7 @@
+ $NoIP->{$ThisLine}++;
+ } elsif ( ($Service,$Err) = ($ThisLine =~ /^([^ ]+)\[\d+\]: error: (.+)$/) ) {
+ $Error{$Service}{$Err}++;
+- } elsif ( ($Service,$Err) = ($ThisLine =~ /^([^ ]+): (FAILED LOGIN SESSION FROM [^ ]+ FOR , .*)$/ ) ) {
++ } elsif ( ($Service,$Err) = ($ThisLine =~ /^([^ ]+): (FAILED LOGIN SESSION FROM [^ ]+ FOR ([^ ]+)?, .*)$/ ) ) {
+ $Error{$Service}{$Err}++;
+ } elsif ( ($Service,$Err) = ($ThisLine =~ /^([^ ]+): (password mismatch for [^ ]+ in [^ ]+):.*$/ ) ) {
+ $Error{$Service}{$Err}++;
diff --git a/logwatch.spec b/logwatch.spec
index a437728..fab2b19 100644
--- a/logwatch.spec
+++ b/logwatch.spec
@@ -1,7 +1,7 @@
 Summary: A log file analysis program
 Name: logwatch
 Version: 7.4.0
-Release: 16.20120619svn110%{?dist}
+Release: 17.20120619svn110%{?dist}
 License: MIT
 Group: Applications/System
 URL: http://www.logwatch.org/
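Review bot: The two sshd patterns added in the `@@ -226,6 +226,8 @@` hunk of logwatch-secure.patch are unanchored, unlike the `^sshd\(\w+\)` entries just above them, so they match that text anywhere in a line. If this `or` chain is the script's list of lines to drop from the report (the `if` body lies outside the hunk, so that is inferred), a substring match can suppress an unrelated entry that merely carries the phrase in a remotely influenced field. Anchoring keeps the suppression narrow: `( $ThisLine =~ /^sshd\[\d+\]: Server listening on/) or` and `( $ThisLine =~ /^sshd\[\d+\]: Received signal \d+; terminating/) or`. The `pam_securetty(.*): access denied: tty '.*' is not secure` entry added in the `@@ -233,6 +235,8 @@` hunk raises a related question, since a refused login on a non-secure tty is an event a reader of the report may want counted rather than discarded; a comment stating where else it is reported would settle it.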
@@ -29,6 +29,7 @@ Patch10: logwatch-applystddate.patch Patch11: logwatch-http.patch Patch12: logwatch-pluto.patch Patch13: logwatch-xvc.patch +Patch14: logwatch-secure.patch Requires: textutils sh-utils grep mailx Requires: perl(Date::Manip) Requires: perl(Sys::CPU) @@ -56,6 +57,7 @@ of the package on many systems. %patch11 -p1 %patch12 -p1 %patch13 -p1 +%patch14 -p1 rm -f scripts/services/*.orig %build @@ -146,6 +148,9 @@ echo "# Configuration overrides for specific logfiles/services may be placed her %{_mandir}/man*/* %changelog +* Thu Sep 27 2012 Jan Synáček - 7.4.0-17.20120619svn110 +- Add secure patch (rhbz#836189) + * Wed Aug 29 2012 Jan Synáček - 7.4.0-16.20120619svn110 - Add applystddate patch - support rsyslog timestamps - Add http patch - count .hdr files as archives