diff --git a/openssh-6.9p1-xauth.patch b/openssh-6.9p1-xauth.patch
new file mode 100644
index 0000000..b607856
--- /dev/null
+++ b/openssh-6.9p1-xauth.patch
@@ -0,0 +1,72 @@
+commit 9d47b8d3f50c3a6282896df8274147e3b9a38c56
+Author: Damien Miller
+Date: Thu Mar 10 05:03:39 2016 +1100
+
+ sanitise characters destined for xauth(1)
+
+ reported by github.com/tintinweb
+
+diff --git a/session.c b/session.c
+index 7a02500..87fddfc 100644
+--- a/session.c
++++ b/session.c
+@@ -46,6 +46,7 @@
+
+ #include
+
++#include
+ #include
+ #include
+ #include
+@@ -274,6 +275,21 @@ do_authenticated(Authctxt *authctxt)
+ do_cleanup(authctxt);
+ }
+
++/* Check untrusted xauth strings for metacharacters */
++static int
++xauth_valid_string(const char *s)
++{
++ size_t i;
++
++ for (i = 0; s[i] != '\0'; i++) {
++ if (!isalnum((u_char)s[i]) &&
++ s[i] != '.' && s[i] != ':' && s[i] != '/' &&
++ s[i] != '-' && s[i] != '_')
++ return 0;
++ }
++ return 1;
++}
++
+ /*
+ * Prepares for an interactive session. This is called after the user has
+ * been successfully authenticated. During this message exchange, pseudo
+@@ -347,7 +363,13 @@ do_authenticated1(Authctxt *authctxt)
+ s->screen = 0;
+ }
+ packet_check_eom();
+- success = session_setup_x11fwd(s);
++ if (xauth_valid_string(s->auth_proto) &&
++ xauth_valid_string(s->auth_data))
++ success = session_setup_x11fwd(s);
++ else {
++ success = 0;
++ error("Invalid X11 forwarding data");
++ }
+ if (!success) {
+ free(s->auth_proto);
+ free(s->auth_data);
+@@ -2178,7 +2200,13 @@ session_x11_req(Session *s)
+ s->screen = packet_get_int();
+ packet_check_eom();
+
+- success = session_setup_x11fwd(s);
++ if (xauth_valid_string(s->auth_proto) &&
++ xauth_valid_string(s->auth_data))
++ success = session_setup_x11fwd(s);
++ else {
++ success = 0;
++ error("Invalid X11 forwarding data");
++ }
+ if (!success) {
+ free(s->auth_proto);
+ free(s->auth_data);
diff --git a/openssh.spec b/openssh.spec
index ec9b9ad..af1b9de 100644
--- a/openssh.spec
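Review bot: `xauth_valid_string` in the embedded session.c hunk classifies bytes with `isalnum((u_char)s[i])`, which is locale-dependent: under a non-"C" LC_CTYPE, single bytes at or above 0x80 can be reported as alphanumeric and would then be handed to xauth(1) unchanged. Whether this code path ever runs with such a locale set is not visible in the hunk, so this is a hardening caveat rather than a confirmed gap. Replacing the `isalnum` call with explicit `'a'..'z'`, `'A'..'Z'` and `'0'..'9'` range comparisons would make the accepted set exactly `[A-Za-z0-9.:/_-]` regardless of environment, and the one-line comment above the function could state that set explicitly, e.g. `/* Allow only [A-Za-z0-9.:/_-] in strings later passed to xauth(1); anything else (quotes, newlines, spaces) is rejected. */`. The two callers, do_authenticated1 and session_x11_req, begin and end outside their embedded hunks, and because this is a nested patch the `+`-prefixed lines are the new file's content rather than changes to a session.c in this repository.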
+++ b/openssh.spec
@@ -240,6 +240,8 @@ Patch934: openssh-6.9p1-gssKexAlgorithms.patch # CVE-2016-0777 OpenSSH: Client Information leak due to use of roaming connection feature # Fix an out of-bound read access in the packet handling code Patch935: openssh-6.9p1-security-7.1.patch
+# Fix for security issue (openssh-7.2p2): sanitise characters destined for xauth(1)
+Patch936: openssh-6.9p1-xauth.patch License: BSD
@@ -468,6 +470,7 @@ popd %patch933 -p1 -b .fingerprint %patch934 -p1 -b .gsskexalg %patch935 -p1 -b .security71
+%patch936 -p1 -b .xauth %patch200 -p1 -b .audit %patch700 -p1 -b .fips
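Review bot: The comment added above `Patch936:` in the `@@ -240,6 +240,8 @@` hunk identifies the fix only by the upstream release it came from ("openssh-7.2p2"), whereas the neighbouring Patch935 comment cites its CVE identifier. Adding the corresponding CVE identifier to this comment would keep the patch list consistent and let an auditor map the backport to the advisory without reading the patch body. The `%patch936 -p1 -b .xauth` line in the second hunk follows the Patch935 application, which matches the declaration order above.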