diff --git a/lynx.spec b/lynx.spec
index 068e639..45b13ea 100644
--- a/lynx.spec
+++ b/lynx.spec
@@ -1,7 +1,7 @@
 Summary: A text-based Web browser.
 Name: lynx
 Version: 2.8.5
-Release: 26
+Release: 27
 License: GPL
 Group: Applications/Internet
 Source: http://lynx.isc.org/current/lynx2.8.5rel.1.tar.bz2
@@ -9,6 +9,7 @@ URL: http://lynx.isc.org/
 Patch0: lynx-2.8.4-redhat.patch
 Patch1: lynx-crash.patch
 Patch2: lynx-CAN-2005-3120.patch
+Patch3: lynx-CVE-2005-2929.patch
 Requires: indexhtml
 Provides: webclient
 BuildRequires: openssl-devel, pkgconfig, ncurses-devel >= 5.3-5, slang-devel, zlib-devel
@@ -25,6 +26,7 @@ exits quickly and swiftly displays webpages.
 %patch0 -p1 -b .redhat
 %patch1 -p1 -b .crash
 %patch2 -p1 -b .CAN-2005-3120
+%patch3 -p1 -b .CVE-2005-2929
 perl -pi -e "s,^HELPFILE:.*,HELPFILE:file://localhost/usr/share/doc/lynx-%{version}/lynx_help/lynx_help_main.html,g" lynx.cfg
 perl -pi -e "s,^DEFAULT_INDEX_FILE:.*,DEFAULT_INDEX_FILE:http://www.google.com/,g" lynx.cfg
 perl -pi -e 's,^#LOCALE_CHARSET:.*,LOCALE_CHARSET:TRUE,' lynx.cfg
@@ -94,6 +96,9 @@ rm -rf $RPM_BUILD_ROOT
 %config(noreplace,missingok) %{_sysconfdir}/lynx-site.cfg
 
 %changelog
+* Sun Nov 13 2005 Tim Waugh <twaugh@redhat.com> 2.8.5-27
+- Apply patch to fix CVE-2005-2929 (bug #172973).
+
 * Thu Nov 10 2005 Tomas Mraz <tmraz@redhat.com> 2.8.5-26
 - rebuilt against new openssl