diff --git a/net/libsoup24/Makefile b/net/libsoup24/Makefile
index 5b33200ebee6..f5142fed8078 100644
--- a/net/libsoup24/Makefile
+++ b/net/libsoup24/Makefile
@@ -1,7 +1,8 @@
-# $NetBSD: Makefile,v 1.32 2011/07/08 18:35:37 drochner Exp $
+# $NetBSD: Makefile,v 1.33 2011/07/29 10:27:29 drochner Exp $

 DISTNAME= libsoup-2.34.2
 PKGNAME= ${DISTNAME:S/libsoup/libsoup24/}
+PKGREVISION= 1
 CATEGORIES= net gnome
 MASTER_SITES= ${MASTER_SITE_GNOME:=sources/libsoup/2.34/}
 EXTRACT_SUFX= .tar.bz2
diff --git a/net/libsoup24/distinfo b/net/libsoup24/distinfo
index bf5685b7fb64..940c7898956e 100644
--- a/net/libsoup24/distinfo
+++ b/net/libsoup24/distinfo
@@ -1,5 +1,6 @@
-$NetBSD: distinfo,v 1.22 2011/06/10 09:33:53 drochner Exp $
+$NetBSD: distinfo,v 1.23 2011/07/29 10:27:29 drochner Exp $

 SHA1 (libsoup-2.34.2.tar.bz2) = 1812b3c78778b37d55ea2904b9763b6dd8266a1c
 RMD160 (libsoup-2.34.2.tar.bz2) = a3a94ca9dd6a49a3ee15efda6cf8e4ba96a66338
 Size (libsoup-2.34.2.tar.bz2) = 683331 bytes
+SHA1 (patch-aa) = 02d26d3f70954f1bb2d2014aab84a58d5ce14469
diff --git a/net/libsoup24/patches/patch-aa b/net/libsoup24/patches/patch-aa
new file mode 100644
index 000000000000..7fbd72306470
--- /dev/null
+++ b/net/libsoup24/patches/patch-aa
@@ -0,0 +1,22 @@
+$NetBSD: patch-aa,v 1.3 2011/07/29 10:27:29 drochner Exp $
+
+CVE-2011-2524
+
+--- libsoup/soup-server.c.orig 2011-04-07 13:29:03.000000000 +0000
++++ libsoup/soup-server.c
+@@ -779,6 +779,15 @@ got_headers (SoupMessage *req, SoupClien
+
+ uri = soup_message_get_uri (req);
+ decoded_path = soup_uri_decode (uri->path);
++
++ if (strstr (decoded_path, "/../") ||
++ g_str_has_suffix (decoded_path, "/..")) {
++ /* Introducing new ".." segments is not allowed */
++ g_free (decoded_path);
++ soup_message_set_status (req, SOUP_STATUS_BAD_REQUEST);
++ return;
++ }
++
+ soup_uri_set_path (uri, decoded_path);
+ g_free (decoded_path);
+ }
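Review bot: In patch-aa the new `..` check in got_headers sits inside a block whose opening condition is outside the hunk, so it only covers requests that take this decode path; any server configuration that skips the decode and hands handlers the undecoded path would not get the 400 response and needs its own check after decoding. The test matches only `/`-separated segments after a single decode, which fits URI paths, but handlers that map the path onto a filesystem should still canonicalize it and confirm the result stays under their root rather than rely on this guard alone. The patch header carries only the CVE id; a line such as `Reject decoded request paths that contain ".." segments (CVE-2011-2524); from upstream <upstream commit or bug reference>` would tell the next maintainer what it does and when it can be dropped. got_headers starts and ends outside the hunk.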