diff --git a/.pesign.metadata b/.pesign.metadata
new file mode 100644
index 0000000..41bb934
--- /dev/null
+++ b/.pesign.metadata
@@ -0,0 +1,2 @@
+b6777cc78ca2d2f250f3142e97e17dd855bc9b88 certs.tar.xz
+849099b74a8c54f3fe5090605d2a71c0511acd1a pesign-115.tar.bz2
diff --git a/0006-Use-normal-file-permissions-instead-of-ACLs.patch b/0006-Use-normal-file-permissions-instead-of-ACLs.patch
index c6b30d5..72f5d37 100644
--- a/0006-Use-normal-file-permissions-instead-of-ACLs.patch
+++ b/0006-Use-normal-file-permissions-instead-of-ACLs.patch
@@ -15,7 +15,7 @@ Signed-off-by: Robbie Harwood <rharwood@redhat.com>
  1 file changed, 3 insertions(+), 47 deletions(-)
 
 diff --git a/src/pesign-authorize.in b/src/pesign-authorize.in
-index 69797d5..d98657c 100644
+index 69797d5..b4e89e0 100644
 --- a/src/pesign-authorize.in
 +++ b/src/pesign-authorize.in
 @@ -2,56 +2,12 @@
@@ -76,5 +76,5 @@ index 69797d5..d98657c 100644
 -		:;
 -	fi
 +	chown -R pesign:pesign "${x}" || true
-+	chmod ug+rwX "${x}" || true
++	chmod -R ug+rwX "${x}" || true
  done
diff --git a/pesign.spec b/pesign.spec
index ff67251..94a6972 100644
--- a/pesign.spec
+++ b/pesign.spec
@@ -3,7 +3,7 @@
 Name:    pesign
 Summary: Signing utility for UEFI binaries
 Version: 115
-Release: 5%{?dist}
+Release: 6%{?dist}
 License: GPL-2.0-only
 URL:     https://github.com/rhboot/pesign
 
@@ -162,6 +162,10 @@ certutil -d %{_sysconfdir}/pki/pesign/ -X -L > /dev/null
 %{python3_sitelib}/mockbuild/plugins/pesign.*
 
 %changelog
+* Wed Jan 18 2023 Robbie Harwood <rharwood@redhat.com> - 115-6
+- Fix chmod invocation
+- Resolves: CVE-2022-3560
+
 * Wed Jan 18 2023 Robbie Harwood <rharwood@redhat.com> - 115-5
 - Deprecate pesign-authorize and drop ACL use
 - Resolves: CVE-2022-3560