diff --git a/.gitignore b/.gitignore
index 8b9aeca..e0feeb5 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1,2 @@
 /kdelibs-4.14.29.tar.xz
+/0002-Sanitize-URLs-before-passing-them-to-FindProxyForURL.patch
diff --git a/kdelibs.spec b/kdelibs.spec
index a7630cf..2493b29 100644
--- a/kdelibs.spec
+++ b/kdelibs.spec
@@ -51,7 +51,7 @@ Summary: KDE Libraries
 # shipped with kde applications, version...
 %global apps_version 16.12.2
 Version: 4.14.29
-Release: 1%{?dist}
+Release: 2%{?dist}
 
 Name: kdelibs
 Epoch: 6
@@ -200,7 +200,8 @@ Patch65: kdelibs-4.14.17-glibc_trunc.patch
 Patch67: kdelibs-4.14.17-gcc6_narrowing_hack.patch
 
 ## upstream
-# 4.14 branch
+# 4.14 branch (lookaside cache)
+Patch102: 0002-Sanitize-URLs-before-passing-them-to-FindProxyForURL.patch
 
 ## security fix
 
@@ -495,6 +496,7 @@ sed -i -e "s|@@VERSION_RELEASE@@|%{version}-%{release}|" kio/kio/kprotocolmanage
 %patch67 -p1 -b .gcc6_narrowing_hack
 
 # upstream patches
+%patch102 -p1 -b .0002
 
 # security fixes
 
@@ -877,6 +879,9 @@ update-mime-database %{?fedora:-n} %{_datadir}/mime &> /dev/null || :
 
 
 %changelog
+* Thu Mar 02 2017 Rex Dieter <rdieter@fedoraproject.org> - 6:4.14.29-2
+- CVE-2017-6410 (#1427808)
+
 * Wed Feb 08 2017 Rex Dieter <rdieter@fedoraproject.org> - 6:4.14.29-1
 - 4.14.29 (kde-apps-16.12.2)
 
diff --git a/sources b/sources
index e91642f..04aa325 100644
--- a/sources
+++ b/sources
@@ -1 +1,2 @@
 SHA512 (kdelibs-4.14.29.tar.xz) = caf5f840533bd99c42d74583ef97004500de4d73f14bf442e6b3d83bbf6bb1130e735a8f7a45955d60b318a3587e4e08f168c11e1159c26445875b907f5f0976
+SHA512 (0002-Sanitize-URLs-before-passing-them-to-FindProxyForURL.patch) = 1c34e0de68d3c5eea5daa76b4b07ca983cf5dc088d8d3fe1e443e6fcf66a35b25fbd986e754d843c2587142d18c1aae0811a26d71b1227323e54ea542d4b7cec