diff --git a/www/libwww/Makefile b/www/libwww/Makefile
index 2ca1795b62b6..063e7e851915 100644
--- a/www/libwww/Makefile
+++ b/www/libwww/Makefile
@@ -1,8 +1,8 @@
-# $NetBSD: Makefile,v 1.80 2010/01/17 12:02:49 wiz Exp $
+# $NetBSD: Makefile,v 1.81 2010/01/26 18:38:26 drochner Exp $
 
 DISTNAME=		w3c-libwww-5.4.0
 PKGNAME=		libwww-5.4.0
-PKGREVISION=		8
+PKGREVISION=		9
 CATEGORIES=		www devel
 MASTER_SITES=		http://www.w3.org/Library/Distribution/
 EXTRACT_SUFX=		.tgz
diff --git a/www/libwww/distinfo b/www/libwww/distinfo
index a1a3780a1985..893c9baf6b36 100644
--- a/www/libwww/distinfo
+++ b/www/libwww/distinfo
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.24 2009/11/08 08:38:54 obache Exp $
+$NetBSD: distinfo,v 1.25 2010/01/26 18:38:26 drochner Exp $
 
 SHA1 (libwww-configure-5.4.0nb2.gz) = de3292e2ec4034485b300845e7a0c0ef4ceb0199
 RMD160 (libwww-configure-5.4.0nb2.gz) = bead5840a43b85e7de79e1bf5e26fa997cf827e3
@@ -22,3 +22,4 @@ SHA1 (patch-ao) = fa5c98f6c4e873f816e5a5bc48481d1462c946dc
 SHA1 (patch-ap) = 506ee8ddd2e627aa6ba84b933ca39a6934b95689
 SHA1 (patch-aq) = f44086c50dfe3d5af714b6defcb40ac7a1ed36f1
 SHA1 (patch-ar) = ddbe9f7e7add849dcbdf215d0087bb3e314100c3
+SHA1 (patch-as) = cb88580f74998491eb822227af225055b0eeacee
diff --git a/www/libwww/patches/patch-as b/www/libwww/patches/patch-as
new file mode 100644
index 000000000000..dc6baee9c2b5
--- /dev/null
+++ b/www/libwww/patches/patch-as
@@ -0,0 +1,16 @@
+$NetBSD: patch-as,v 1.1 2010/01/26 18:38:27 drochner Exp $
+
+CVE-2009-3560
+
+--- modules/expat/xmlparse/xmlparse.c.orig	2000-08-28 08:52:01.000000000 +0000
++++ modules/expat/xmlparse/xmlparse.c
+@@ -2199,6 +2199,9 @@ doProlog(XML_Parser parser,
+ 	return XML_ERROR_UNCLOSED_TOKEN;
+       case XML_TOK_PARTIAL_CHAR:
+ 	return XML_ERROR_PARTIAL_CHAR;
++      case -XML_TOK_PROLOG_S:
++	tok = -tok;
++	break;
+       case XML_TOK_NONE:
+ #ifdef XML_DTD
+ 	if (enc != encoding)