diff --git a/coreutils-overflow.patch b/coreutils-overflow.patch
new file mode 100644
index 0000000..81592cc
--- /dev/null
+++ b/coreutils-overflow.patch
@@ -0,0 +1,11 @@
+--- coreutils-5.2.1/src/who.c.overflow	2005-05-25 09:59:06.000000000 +0100
++++ coreutils-5.2.1/src/who.c	2005-05-25 10:00:31.000000000 +0100
+@@ -75,7 +75,7 @@
+ # define NEW_TIME 0
+ #endif
+ 
+-#define IDLESTR_LEN 6
++#define IDLESTR_LEN 10
+ 
+ #if HAVE_STRUCT_XTMP_UT_PID
+ # define PIDSTR_DECL_AND_INIT(Var, Utmp_ent) \
diff --git a/coreutils.spec b/coreutils.spec
index e41d0eb..c3af414 100644
--- a/coreutils.spec
+++ b/coreutils.spec
@@ -43,6 +43,7 @@ Patch908: coreutils-getgrouplist.patch
 Patch909: coreutils-zh_CN.patch
 Patch910: coreutils-gcc4.patch
 Patch911: coreutils-brokentest.patch
+Patch912: coreutils-overflow.patch
 
 # From upstream
 Patch920: coreutils-dateseconds.patch
@@ -106,6 +107,7 @@ the old GNU fileutils, sh-utils, and textutils packages.
 %patch909 -p1 -b .zh_CN
 %patch910 -p1 -b .gcc4
 %patch911 -p1 -b .brokentest
+%patch912 -p1 -b .overflow
 
 # From upstream
 %patch920 -p1 -b .dateseconds
@@ -248,6 +250,9 @@ fi
 /sbin/runuser
 
 %changelog
+* Wed May 25 2005 Tim Waugh <twaugh@redhat.com>
+- Prevent buffer overflow in who(1) (bug #158405).
+
 * Fri May 20 2005 Tim Waugh <twaugh@redhat.com> 5.2.1-47
 - Better error checking in the pam patch (bug #158189).