diff --git a/exim-4.89-CVE-2017-16944.patch b/exim-4.89-CVE-2017-16944.patch
new file mode 100644
index 0000000..81e8032
--- /dev/null
+++ b/exim-4.89-CVE-2017-16944.patch
@@ -0,0 +1,41 @@
+diff --git a/src/receive.c b/src/receive.c
+index 3246621..f19c8b9 100644
+--- a/src/receive.c
++++ b/src/receive.c
+@@ -1827,7 +1827,7 @@ for (;;)
+ prevent further reading), and break out of the loop, having freed the
+ empty header, and set next = NULL to indicate no data line. */
+
+- if (ptr == 0 && ch == '.' && (smtp_input || dot_ends))
++ if (ptr == 0 && ch == '.' && dot_ends)
+ {
+ ch = (receive_getc)(GETC_BUFFER_UNLIMITED);
+ if (ch == '\r')
+diff --git a/src/smtp_in.c b/src/smtp_in.c
+index 1b45f84..0207540 100644
+--- a/src/smtp_in.c
++++ b/src/smtp_in.c
+@@ -4955,16 +4955,23 @@ while (done <= 0)
+ DEBUG(D_receive) debug_printf("chunking state %d, %d bytes\n",
+ (int)chunking_state, chunking_data_left);
+
++ /* push the current receive_* function on the "stack", and
++ replace them by bdat_getc(), which in turn will use the lwr_receive_*
++ functions to do the dirty work. */
+ lwr_receive_getc = receive_getc;
+ lwr_receive_ungetc = receive_ungetc;
++
+ receive_getc = bdat_getc;
+ receive_ungetc = bdat_ungetc;
+
++ dot_ends = FALSE;
++
+ goto DATA_BDAT;
+ }
+
+ case DATA_CMD:
+ HAD(SCH_DATA);
++ dot_ends = TRUE;
+
+ DATA_BDAT: /* Common code for DATA and BDAT */
+ if (!discarded && recipients_count <= 0)
diff --git a/exim.spec b/exim.spec
index bb80178..8e477d9 100644
--- a/exim.spec
+++ b/exim.spec
@@ -14,7 +14,7 @@ Summary: The exim mail transfer agent Name: exim Version: 4.89 -Release: 6%{?dist} +Release: 7%{?dist} License: GPLv2+ Url: http://www.exim.org/ Group: System Environment/Daemons 
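Review bot: In the new exim-4.89-CVE-2017-16944.patch, the lone-dot check in src/receive.c now depends only on the global `dot_ends`. The only assignments visible here are the two added in src/smtp_in.c, so SMTP DATA keeps its "." terminator only if every SMTP path into that receive loop first passes through `case DATA_CMD`. The removed `smtp_input ||` term suggests `dot_ends` can be false from elsewhere while SMTP input is active (presumably a non-SMTP option; confirm against the full tree), and the value is not restored after the message. I would state the invariant at both assignments, for example `/* BDAT is length-delimited: a lone "." is message data, never end-of-message */` and `/* DATA: a lone "." ends the message; overrides any earlier dot_ends setting */`. Both the `for (;;)` body in receive.c and the `while (done <= 0)` switch in smtp_in.c continue outside the hunks, so other entry points could not be checked from here.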
@@ -70,7 +70,10 @@ Patch29: exim-4.89-CVE-2017-1000369.patch # Backported from upstream: # https://git.exim.org/exim.git/commitdiff/14de8063d82edc5bf003ed50abdea55ac542679b Patch30: exim-4.89-calloutsize.patch +# Upstream ticket: https://bugs.exim.org/show_bug.cgi?id=219 Patch31: exim-4.89-CVE-2017-16943.patch +# Upstream ticket: https://bugs.exim.org/show_bug.cgi?id=2201 +Patch32: exim-4.89-CVE-2017-16944.patch Requires: /etc/pki/tls/certs /etc/pki/tls/private Requires: /etc/aliases @@ -221,6 +224,7 @@ greylisting unconditional. %patch29 -p1 -b .CVE-2017-1000369 %patch30 -p1 -b .calloutsize %patch31 -p1 -b .CVE-2017-16943 +%patch32 -p1 -b .CVE-2017-16944 cp src/EDITME Local/Makefile sed -i 's@^# LOOKUP_MODULE_DIR=.*@LOOKUP_MODULE_DIR=%{_libdir}/exim/%{version}-%{release}/lookups@' Local/Makefile @@ -601,6 +605,10 @@ test "$1" = 0 || %{_initrddir}/clamd.exim condrestart >/dev/null 2>&1 || : %{_sysconfdir}/cron.daily/greylist-tidy.sh %changelog +* Fri Dec 1 2017 Jaroslav Škarvada - 4.89-7 +- Fixed denial of service + Resolves: CVE-2017-16944 + * Mon Nov 27 2017 Jaroslav Škarvada - 4.89-6 - Fixed use-after-free Resolves: CVE-2017-16943
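Review bot: The ticket comment added above `Patch31` in the `@@ -70,7 +70,10 @@` hunk ends in `id=219`, while the one added for `Patch32` is `id=2201`. A three-digit id next to a four-digit sibling, for fixes whose changelog entries are four days apart, looks like a dropped digit. Please check the URL against the upstream tracker before merging, since a wrong reference will send anyone auditing the CVE-2017-16943 backport to an unrelated bug.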