diff --git a/SPECS/pacemaker.spec b/SPECS/pacemaker.spec
index b33bb5f..6290d45 100644
--- a/SPECS/pacemaker.spec
+++ b/SPECS/pacemaker.spec
@@ -227,7 +227,7 @@
 Name:          pacemaker
 Summary:       Scalable High-Availability cluster resource manager
 Version:       %{pcmkversion}
-Release:       %{pcmk_release}%{?dist}
+Release:       %{pcmk_release}%{?dist}.1
 %if %{defined _unitdir}
 License:       GPLv2+ and LGPLv2+
 %else
@@ -264,6 +264,7 @@ Patch12:        012-ipc_fix.patch
 Patch13:        013-pacemakerd.patch
 Patch14:        014-sbd.patch
 Patch15:        015-cibsecret.patch
+Patch16:        016-CVE-2020-25654.patch
 
 # downstream-only commits
 #Patch100:      xxx.patch
@@ -961,6 +962,10 @@ exit 0
 %license %{nagios_name}-%{nagios_hash}/COPYING
 
 %changelog
+* Mon Oct 26 2020 Ken Gaillot <kgaillot@redhat.com> - 2.0.4-6.1
+- Prevent users from bypassing ACLs by using IPC directly (CVE-2020-25654)
+- Resolves: rhbz1891528
+
 * Thu Aug 20 2020 Ken Gaillot <kgaillot@redhat.com> - 2.0.4-6
 - Fix cibsecret bug when node name is different from hostname
 - Resolves: rhbz1870873