diff --git a/quassel.spec b/quassel.spec
index 7ca8008..11c0b97 100755
--- a/quassel.spec
+++ b/quassel.spec
@@ -1,7 +1,7 @@
 Name: quassel
 Summary: A modern distributed IRC system
 Version: 0.12.2
-Release: 5%{?dist}
+Release: 6%{?dist}
 License: GPLv2 or GPLv3
 Group: Applications/Internet
@@ -23,9 +23,8 @@ Provides: %{name}-gui = %{version}-%{release}
 Requires: %{name}-common = %{version}-%{release}
-# BZ1205130 - CTCP query Denial of Service
-## Upstream patch git commit id b5e38970ffd55e2dd9f706ce75af9a8d7730b1b8
-#Patch0: quassel-0.11.0-CTCP-query-crash.patch
+# Backported fix for CVE-2015-8547
+Patch0: quassel_0.11.1_CVE-2015-8547.diff
 %description
 Quassel IRC is a modern, distributed IRC client,
@@ -67,7 +66,7 @@ Quassel client
 %prep
 %setup -q -n %{name}-%{version}
-#%patch0 -p1
+%patch0 -p1
 %build
 mkdir build
@@ -125,6 +124,9 @@ gtk-update-icon-cache %{_kde4_iconsdir}/hicolor &> /dev/null || :
 %changelog
+* Tue Dec 15 2015 Christian Dersch - 0.12.2-6
+- Added security fix for CVE-2015-8547
+
 * Thu Sep 24 2015 Adam Miller - 0.12.2-5
 - Bump spec release because I typo'd and now it's in koji forever
diff --git a/quassel_0.11.1_CVE-2015-8547.diff b/quassel_0.11.1_CVE-2015-8547.diff
new file mode 100644
index 0000000..6febc7b
--- /dev/null
+++ b/quassel_0.11.1_CVE-2015-8547.diff
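Review bot: The new `Patch0` comment in the `@@ -23,9 +23,8 @@` hunk names only the CVE, whereas the comment it replaces recorded the upstream commit id, and the patch file is named for 0.11.1 although the spec builds `Version: 0.12.2`. I would record both next to the tag, e.g. `# Backported fix for CVE-2015-8547 (upstream commit <UPSTREAM_COMMIT_ID>); diff taken against 0.11.1, applied to 0.12.2`, so a later rebase can tell when the patch has become redundant. Since the `%prep` hunk re-enables `%patch0 -p1`, it is also worth checking the build log to confirm the hunk landed at the intended place in `coreuserinputhandler.cpp` rather than at an offset.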
@@ -0,0 +1,12 @@
+diff -Naur quassel-0.11.1/src/core/coreuserinputhandler.cpp quassel-0.11.1.patched/src/core/coreuserinputhandler.cpp
+--- quassel-0.11.1/src/core/coreuserinputhandler.cpp 2015-04-23 23:00:06.000000000 +0200
++++ quassel-0.11.1.patched/src/core/coreuserinputhandler.cpp 2015-12-15 20:21:56.170741238 +0100
+@@ -232,7 +232,7 @@
+ if (!isNumber || maxModes == 0) maxModes = 1;
+
+ QStringList nickList;
+- if (nicks == "*") { // All users in channel
++ if (nicks == "*" && bufferInfo.type() == BufferInfo::ChannelBuffer) { // All users in channel
+ const QList users = network()->ircChannel(bufferInfo.bufferName())->ircUsers();
+ foreach(IrcUser *user, users) {
+ if ((addOrRemove == '+' && !network()->ircChannel(bufferInfo.bufferName())->userModes(user).contains(mode))
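Review bot: The added `bufferInfo.type() == BufferInfo::ChannelBuffer` test keeps non-channel buffers out of the `"*"` branch, but the result of `network()->ircChannel(bufferInfo.bufferName())` is still dereferenced unchecked on the next line and again inside the `foreach`. If `ircChannel()` can return null for a channel buffer the core is not currently joined to (its definition is not visible here), a null dereference would remain reachable from user input. Fetching the pointer once, `IrcChannel *channel = network()->ircChannel(bufferInfo.bufferName());`, and adding `&& channel` to the condition would close that and drop the repeated lookups. This goes beyond the backported change, so it may be better proposed upstream than carried only in this package. The enclosing function starts and ends outside the embedded hunk.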