diff --git a/SOURCES/bind99-CVE-2015-8704.patch b/SOURCES/bind99-CVE-2015-8704.patch
new file mode 100644
index 0000000..4aa41f2
--- /dev/null
+++ b/SOURCES/bind99-CVE-2015-8704.patch
@@ -0,0 +1,22 @@
+diff --git a/lib/dns/rdata/in_1/apl_42.c b/lib/dns/rdata/in_1/apl_42.c
+index eb927b9..df35025 100644
+--- a/lib/dns/rdata/in_1/apl_42.c
++++ b/lib/dns/rdata/in_1/apl_42.c
+@@ -116,7 +116,7 @@ totext_in_apl(ARGS_TOTEXT) {
+ 	isc_uint8_t len;
+ 	isc_boolean_t neg;
+ 	unsigned char buf[16];
+-	char txt[sizeof(" !64000")];
++	char txt[sizeof(" !64000:")];
+ 	const char *sep = "";
+ 	int n;
+ 
+@@ -140,7 +140,7 @@ totext_in_apl(ARGS_TOTEXT) {
+ 		isc_region_consume(&sr, 1);
+ 		INSIST(len <= sr.length);
+ 		n = snprintf(txt, sizeof(txt), "%s%s%u:", sep,
+-			     neg ? "!": "", afi);
++			     neg ? "!" : "", afi);
+ 		INSIST(n < (int)sizeof(txt));
+ 		RETERR(str_totext(txt, target));
+ 		switch (afi) {
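Review bot: The enlarged `txt` buffer in the first inner hunk is sized by the literal `sizeof(" !64000:")`, which gives nine bytes: exactly enough for the separator, `!`, five digits, the colon and the terminator. That is sufficient only while `afi` is a 16-bit value, and its declaration is outside the hunk, so this is inferred. A comment on the declaration would record the assumption, e.g. `/* sep + '!' + 5-digit afi + ':' + NUL; afi must remain 16-bit */`. In the second inner hunk the retained `INSIST(n < (int)sizeof(txt));` also passes when `snprintf` returns a negative value, so `INSIST(n >= 0 && n < (int)sizeof(txt));` would be tighter. The body of `totext_in_apl` starts and ends outside both hunks, so the rest of the formatting path was not reviewed.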
diff --git a/SPECS/bind.spec b/SPECS/bind.spec
index c58e297..f10e986 100644
--- a/SPECS/bind.spec
+++ b/SPECS/bind.spec
@@ -25,7 +25,7 @@ Summary:  The Berkeley Internet Name Domain (BIND) DNS (Domain Name System) serv
 Name:     bind
 License:  ISC
 Version:  9.9.4
-Release:  29%{?PATCHVER}%{?PREVER}%{?dist}.1
+Release:  29%{?PATCHVER}%{?PREVER}%{?dist}.2
 Epoch:    32
 Url:      http://www.isc.org/products/BIND/
 Buildroot:%{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
@@ -102,6 +102,7 @@ Patch157:bind99-CVE-2015-5477.patch
 Patch158:bind-99-socket-maxevents.patch
 Patch159:bind99-CVE-2015-5722.patch
 Patch160:bind99-CVE-2015-8000.patch
+Patch161:bind99-CVE-2015-8704.patch
 
 # Native PKCS#11 functionality from 9.10
 Patch150:bind-9.9-allow_external_dnskey.patch
@@ -377,6 +378,7 @@ popd
 %patch158 -p1 -b .sock-maxevents
 %patch159 -p1 -b .CVE-2015-5722
 %patch160 -p1 -b .CVE-2015-8000
+%patch161 -p1 -b .CVE-2015-8704
 
 %if %{PKCS11}
 cp -r bin/named{,-pkcs11}
@@ -1057,6 +1059,9 @@ rm -rf ${RPM_BUILD_ROOT}
 %endif
 
 %changelog
+* Mon Jan 18 2016 Tomas Hozza <thozza@redhat.com> - 32:9.9.4-29.2
+- Fix CVE-2015-8704
+
 * Mon Dec 14 2015 Tomas Hozza <thozza@redhat.com> - 32:9.9.4-29.1
 - Fix CVE-2015-8000