diff --git a/package/kde/kdelibs/kde.org-security-fix.patch b/package/kde/kdelibs/kde.org-security-fix.patch
new file mode 100644
index 000000000..70c697918
--- /dev/null
+++ b/package/kde/kdelibs/kde.org-security-fix.patch
@@ -0,0 +1,37 @@
+diff -rduN kdelibs-old/kdecore/kapplication.cpp kdelibs-new/kdecore/kapplication.cpp
+--- kdelibs-old/kdecore/kapplication.cpp	2004-04-04 11:08:10.000000000 +0200
++++ kdelibs-new/kdecore/kapplication.cpp	2004-05-18 16:54:14.000000000 +0200
+@@ -2165,7 +2165,7 @@
+ 
+    if (command.isEmpty() || command == QString::fromLatin1("kmail")
+        || command.endsWith("/kmail"))
+-     command = QString::fromLatin1("kmail --composer -s %s -c %c -b %b --body %B --attach %A %t");
++     command = QString::fromLatin1("kmail --composer -s %s -c %c -b %b --body %B --attach %A -- %t");
+ 
+    // TODO: Take care of the preferred terminal app (instead of hardcoding
+    // Konsole), this will probably require a rewrite of the configurable
+diff -rduN kdelibs-old/kio/misc/ktelnetservice.cpp kdelibs-new/kio/misc/ktelnetservice.cpp
+--- kdelibs-old/kio/misc/ktelnetservice.cpp	2004-02-28 10:50:23.000000000 +0100
++++ kdelibs-new/kio/misc/ktelnetservice.cpp	2004-05-18 17:06:26.000000000 +0200
+@@ -77,10 +77,19 @@
+ 		cmd << url.user();
+ 	}
+ 
++        QString host;
+         if (!url.host().isEmpty())
+-           cmd << url.host(); // telnet://host
++           host = url.host(); // telnet://host
+         else if (!url.path().isEmpty())
+-           cmd << url.path(); // telnet:host
++           host = url.path(); // telnet:host
++
++        if (host.isEmpty() || host.startsWith("-"))
++        {
++            kdError() << "Invalid hostname " << host << endl;
++            return 2;
++        }
++
++        cmd << host;
+         
+ 	if (url.port()){
+             if ( url.protocol() == "ssh" )