diff --git a/perl-5.8.7-CVE-2005-3962-bz174684.patch b/perl-5.8.7-CVE-2005-3962-bz174684.patch
new file mode 100644
index 0000000..ade577b
--- /dev/null
+++ b/perl-5.8.7-CVE-2005-3962-bz174684.patch
@@ -0,0 +1,48 @@
+--- perl-5.8.7/t/op/sprintf2.t.CVE-2005-3962-bz174684 2004-02-09 16:37:13.000000000 -0500
++++ perl-5.8.7/t/op/sprintf2.t 2005-12-01 13:11:34.000000000 -0500
+@@ -6,7 +6,7 @@
+ require './test.pl';
+ }
+
+-plan tests => 3;
++plan tests => 6;
+
+ is(
+ sprintf("%.40g ",0.01),
+@@ -26,3 +26,20 @@
+ q(width calculation under utf8 upgrade)
+ );
+ }
++# check %NNN$ for range bounds, especially negative 2's complement
++{
++ my ($warn, $bad) = (0,0);
++ local $SIG{__WARN__} = sub {
++ if ($_[0] =~ /uninitialized/) {
++ $warn++
++ }
++ else {
++ $bad++
++ }
++ };
++ my $result = sprintf join('', map("%$_\$s%" . ~$_ . '$s', 1..20)),
++ qw(a b c d);
++ is($result, "abcd", "only four valid values");
++ is($warn, 36, "expected warnings");
++ is($bad, 0, "unexpected warnings");
++}
+--- perl-5.8.7/sv.c.CVE-2005-3962-bz174684 2005-05-27 06:38:11.000000000 -0400
++++ perl-5.8.7/sv.c 2005-12-01 13:11:14.000000000 -0500
+@@ -8707,9 +8707,10 @@
+
+ if (vectorize)
+ argsv = vecsv;
+- else if (!args)
+- argsv = (efix ? efix <= svmax : svix < svmax) ?
+- svargs[efix ? efix-1 : svix++] : &PL_sv_undef;
++ else if (!args) {
++ I32 i = efix ? efix-1 : svix++;
++ argsv = (i >= 0 && i < svmax) ? svargs[i] : &PL_sv_undef;
++ }
+
+ switch (c = *q++) {
+
diff --git a/perl.spec b/perl.spec
index dc24ffa..672468a 100644
--- a/perl.spec
+++ b/perl.spec
@@ -5,7 +5,7 @@
 %define multilib_64_archs x86_64 s390x ppc64 sparc64
 %define perlver 5.8.7
-%define perlrel 0.7.fc5
+%define perlrel 0.8.fc5
 %define perlepoch 3
 %{?!perl_debugging: %define perl_debugging 0}
@@ -130,6 +130,8 @@ Patch172739: perl-5.8.7-bz172739_obz36521.patch
 Patch136009: perl-5.8.7-MM_Unix-rpath-136009.patch
+Patch174684: perl-5.8.7-CVE-2005-3962-bz174684.patch
+
 # module updatesd
 # Patch202: perl-5.8.0-Safe2.09.patch
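Review bot: In the sv.c hunk of the added patch, `I32 i = efix ? efix-1 : svix++;` still does signed arithmetic on the explicit index before the new `i >= 0` test, so the guard depends on `efix-1` itself not overflowing. The declaration and parsing of `efix` lie outside the hunk, so whether it can reach the most negative I32 cannot be confirmed from here. Testing the parsed value directly removes that dependence: `if (efix) argsv = (efix > 0 && efix <= svmax) ? svargs[efix-1] : &PL_sv_undef;`, with `else argsv = (svix < svmax) ? svargs[svix++] : &PL_sv_undef;` for the implicit case. That form also restores the old behaviour of advancing `svix` only while it is in range; the new code increments it on every conversion without an explicit index, even after the arguments run out. A one-line comment such as `/* efix comes from the format string and may have wrapped negative */` above the check would record why the lower bound is tested.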
@@ -294,6 +296,8 @@ more secure running of setuid perl scripts.
 %patch136009 -p1
+%patch174684 -p1
+
 # Candidates for doc recoding (need case by case review):
 # find . -name "*.pod" -o -name "README*" -o -name "*.pm" | xargs file -i | grep charset= | grep -v '\(us-ascii\|utf-8\)'
 recode()
@@ -503,6 +507,10 @@ rm -rf $RPM_BUILD_ROOT
 %changelog
+* Thu Dec 01 2005 Jason Vas Dias - 3:5.8.7-0.8
+- fix bug 174684 / CVE-2005-3962: sprintf integer overflow vulnerability
+ backport upstream patch #26240
+
 * Wed Nov 09 2005 Jason Vas Dias - 3:5.8.7-0.7
 - fix bug 136009: restore MakeMaker support for LD_RUN_PATH, while removing empty LD_RUN_PATH