diff --git a/sagemath-CVE-2012-4230.patch b/sagemath-CVE-2012-4230.patch
new file mode 100644
index 0000000..1e383b0
--- /dev/null
+++ b/sagemath-CVE-2012-4230.patch
@@ -0,0 +1,45 @@
+diff -up build/pkgs/sagenb/src/sagenb-0.10.8.2/sagenb/data/jqueryui/development-bundle/ui/jquery.ui.dialog.js.orig build/pkgs/sagenb/src/sagenb-0.10.8.2/sagenb/data/jqueryui/development-bundle/ui/jquery.ui.dialog.js
+--- build/pkgs/sagenb/src/sagenb-0.10.8.2/sagenb/data/jqueryui/development-bundle/ui/jquery.ui.dialog.js.orig 2014-12-06 15:49:57.183458112 -0200
++++ build/pkgs/sagenb/src/sagenb-0.10.8.2/sagenb/data/jqueryui/development-bundle/ui/jquery.ui.dialog.js 2014-12-06 15:50:34.399459537 -0200
+@@ -85,7 +85,6 @@ $.widget("ui.dialog", {
+ var self = this,
+ options = self.options,
+
+- title = options.title || ' ',
+ titleId = $.ui.dialog.getTitleId(self.element),
+
+ uiDialog = (self.uiDialog = $('
'))
+@@ -167,8 +166,8 @@ $.widget("ui.dialog", {
+ uiDialogTitle = $('')
+ .addClass('ui-dialog-title')
+ .attr('id', titleId)
+- .html(title)
+ .prependTo(uiDialogTitlebar);
++ this._title( uiDialogTitle );
+
+ //handling of deprecated beforeclose (vs beforeClose) option
+ //Ticket #4669 http://dev.jqueryui.com/ticket/4669
+@@ -349,6 +348,13 @@ $.widget("ui.dialog", {
+ return self;
+ },
+
++ _title: function( title ) {
++ if ( !this.options.title ) {
++ title.html( " " );
++ }
++ title.text( this.options.title );
++ },
++
+ _createButtons: function(buttons) {
+ var self = this,
+ hasButtons = false,
+@@ -618,8 +624,7 @@ $.widget("ui.dialog", {
+ }
+ break;
+ case "title":
+- // convert whatever was passed in o a string, for html() to not throw up
+- $(".ui-dialog-title", self.uiDialogTitlebar).html("" + (value || ' '));
++ this._title( $( ".ui-dialog-title", this.uiDialogTitlebar ) );
+ break;
+ }
+
diff --git a/sagemath.spec b/sagemath.spec
index 84fe86b..b9fecb1 100644
--- a/sagemath.spec
+++ b/sagemath.spec
@@ -62,7 +62,7 @@ Name: sagemath
 Group: Applications/Engineering
 Summary: A free open-source mathematics software system
 Version: 6.1.1
-Release: 5%{?dist}
+Release: 6%{?dist}
 # The file ${SAGE_ROOT}/COPYING.txt is the upstream license breakdown file
 # Additionally, every $files section has a comment with the license name
 # before files with that license
@@ -183,6 +183,9 @@ Patch27: %{name}-cryptominisat.patch
 # https://bugzilla.redhat.com/show_bug.cgi?id=974769
 Patch28: %{name}-sympy.patch
+# https://bugzilla.redhat.com/show_bug.cgi?id=1091442
+Patch29: %{name}-CVE-2012-4230.patch
+
 BuildRequires: 4ti2
 BuildRequires: atlas-devel
 BuildRequires: cddlib-tools
@@ -659,6 +662,7 @@ popd
 %patch26
 %patch27
 %patch28
+%patch29
 sed -e 's|@@SAGE_ROOT@@|%{SAGE_ROOT}|' \
 -e 's|@@SAGE_DOC@@|%{SAGE_DOC}|' \
@@ -1371,6 +1375,9 @@ exit 0
 ########################################################################
 %changelog
+* Sat Dec 6 2014 pcpa
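Review bot: In the added `_title` helper the falsy-title branch does not return, so `title.text( this.options.title )` still runs after the placeholder has been written with `title.html(...)`; an empty-string title would then replace the placeholder with empty text. Make the branches exclusive by turning the second statement into `} else { title.text( this.options.title ); }`. In the `case "title":` section the new call no longer uses `value` and reads `this.options.title` instead; the code that stores the option is outside the hunk, so confirm it runs before this switch, otherwise the previous title is rendered. The patch also changes only the copy under `development-bundle/ui/`; if the notebook serves another bundled or minified copy of the dialog widget, that copy would still pass the title to `.html()`.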