diff --git a/0001-Fix-invalid-memory-access-when-dealing-with-URLs.patch b/0001-Fix-invalid-memory-access-when-dealing-with-URLs.patch
new file mode 100644
index 0000000..1b9099a
--- /dev/null
+++ b/0001-Fix-invalid-memory-access-when-dealing-with-URLs.patch
@@ -0,0 +1,46 @@
+From 48ca11b62344c1af17e16ddec0fad727042a4b03 Mon Sep 17 00:00:00 2001
+From: Bastien Nocera <hadess@hadess.net>
+Date: Tue, 24 Mar 2009 11:46:18 +0000
+Subject: [PATCH] Fix invalid memory access when dealing with URLs
+
+Just like strings attributes, URLs might not be NUL-terminated.
+Make sure we don't read past the end of the allocated memory when
+copying them.
+---
+ common/sdp-xml.c |    9 ++++++++-
+ 1 files changed, 8 insertions(+), 1 deletions(-)
+
+diff --git a/common/sdp-xml.c b/common/sdp-xml.c
+index 608de76..0460f35 100644
+--- a/common/sdp-xml.c
++++ b/common/sdp-xml.c
+@@ -25,6 +25,7 @@
+ #include <config.h>
+ #endif
+ 
++#define _GNU_SOURCE
+ #include <stdio.h>
+ #include <errno.h>
+ #include <ctype.h>
+@@ -323,11 +324,17 @@ static void convert_raw_data_to_xml(sdp_data_t *value, int indent_level,
+ 	case SDP_URL_STR8:
+ 	case SDP_URL_STR16:
+ 	case SDP_URL_STR32:
++	{
++		char *strBuf;
++
+ 		appender(data, indent);
+ 		appender(data, "<url value=\"");
+-		appender(data, value->val.str);
++		strBuf = strndup(value->val.str, value->unitSize);
++		appender(data, strBuf);
++		free(strBuf);
+ 		appender(data, "\" />\n");
+ 		break;
++	}
+ 
+ 	case SDP_SEQ8:
+ 	case SDP_SEQ16:
+-- 
+1.6.0.6
+
diff --git a/bluez.spec b/bluez.spec
index cb312f9..e357b18 100644
--- a/bluez.spec
+++ b/bluez.spec
@@ -1,7 +1,7 @@
 Summary: Bluetooth utilities
 Name: bluez
 Version: 4.33
-Release: 10%{?dist}
+Release: 11%{?dist}
 License: GPLv2+
 Group: Applications/System
 Source: http://www.kernel.org/pub/linux/bluetooth/%{name}-%{version}.tar.gz
@@ -14,6 +14,8 @@ Patch1: bluez-utils-oui-usage.patch
 Patch2: bluez-try-utf8-harder.patch
 # http://thread.gmane.org/gmane.linux.bluez.kernel/1754
 Patch3: bluez-activate-wacom-mode2.patch
+# http://thread.gmane.org/gmane.linux.bluez.kernel/1783/focus=1784
+Patch4: 0001-Fix-invalid-memory-access-when-dealing-with-URLs.patch
 
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
 URL: http://www.bluez.org/
@@ -102,6 +104,7 @@ use in Bluetooth applications.
 %patch1 -p0 -b .oui
 %patch2 -p1 -b .non-utf8-name
 %patch3 -p1 -b .wacom
+%patch4 -p1 -b .urls
 
 %build
 %configure --enable-cups --enable-hid2hci --enable-dfutool --enable-tools --enable-bccmd --enable-gstreamer --enable-hidd --enable-pand --enable-dund
@@ -194,6 +197,9 @@ fi
 %{_libdir}/alsa-lib/*.so
 
 %changelog
+* Tue Mar 24 2009 - Bastien Nocera <bnocera@redhat.com> - 4.34-11
+- Fix a possible crasher
+
 * Mon Mar 16 2009 - Bastien Nocera <bnocera@redhat.com> - 4.33-1
 - Update to 4.33