diff --git a/openssh-7.5p1-sandbox-typo.patch b/openssh-7.5p1-sandbox-typo.patch
new file mode 100644
index 0000000..dd5f1fa
--- /dev/null
+++ b/openssh-7.5p1-sandbox-typo.patch
@@ -0,0 +1,13 @@
+diff --git a/sandbox-seccomp-filter.c b/sandbox-seccomp-filter.c
+index 3a1aedce72c2..a8d472a63ccb 100644
+--- a/sandbox-seccomp-filter.c
++++ b/sandbox-seccomp-filter.c
+@@ -235,7 +235,7 @@ static const struct sock_filter preauth_insns[] = {
+ 	 * x86-64 syscall under some circumstances, e.g.
+ 	 * https://bugs.debian.org/849923
+ 	 */
+-	SC_ALLOW(__NR_clock_gettime & ~__X32_SYSCALL_BIT);
++	SC_ALLOW(__NR_clock_gettime & ~__X32_SYSCALL_BIT),
+ #endif
+ 
+ 	/* Default deny */
diff --git a/openssh.spec b/openssh.spec
index 2970509..f07d64d 100644
--- a/openssh.spec
+++ b/openssh.spec
@@ -228,6 +228,8 @@ Patch942: openssh-7.2p2-chroot-capabilities.patch
 Patch944: openssh-7.3p1-x11-max-displays.patch
 # Help systemd to track the running service
 Patch948: openssh-7.4p1-systemd.patch
+# Fix typo in sandbox code
+Patch949: openssh-7.5p1-sandbox-typo.patch
 
 
 License: BSD
@@ -463,6 +465,7 @@ popd
 %patch942 -p1 -b .chroot-cap
 %patch944 -p1 -b .x11max
 %patch948 -p1 -b .systemd
+%patch949 -p1 -b .sandbox
 
 %patch200 -p1 -b .audit
 %patch201 -p1 -b .audit-race