diff --git a/SOURCES/ntp-4.2.6p5-cve-2016-7429.patch b/SOURCES/ntp-4.2.6p5-cve-2016-7429.patch
index 0a8c228..ddaffeb 100644
--- a/SOURCES/ntp-4.2.6p5-cve-2016-7429.patch
+++ b/SOURCES/ntp-4.2.6p5-cve-2016-7429.patch
@@ -7,7 +7,7 @@ diff -up ntp-4.2.6p5/ntpd/ntp_peer.c.cve-2016-7429 ntp-4.2.6p5/ntpd/ntp_peer.c
  		if (SOCK_EQ(srcadr, &p->srcadr) &&
 -		    NSRCPORT(srcadr) == NSRCPORT(&p->srcadr)) {
 +		    NSRCPORT(srcadr) == NSRCPORT(&p->srcadr) &&
-+		    p->dstadr == rbufp->dstadr) {
++		    (p->hmode == MODE_BCLIENT || p->dstadr == rbufp->dstadr)) {
  
  			/*
  			 * if the association matching rules determine
diff --git a/SPECS/ntp.spec b/SPECS/ntp.spec
index 3a7e62a..2cc1c0b 100644
--- a/SPECS/ntp.spec
+++ b/SPECS/ntp.spec
@@ -1,7 +1,7 @@
 Summary: The NTP daemon and utilities
 Name: ntp
 Version: 4.2.6p5
-Release: 25%{?dist}.1
+Release: 25%{?dist}.2
 # primary license (COPYRIGHT) : MIT
 # ElectricFence/ (not used) : GPLv2
 # kernel/sys/ppsclock.h (not used) : BSD with advertising
@@ -264,7 +264,7 @@ This package contains NTP documentation in HTML format.
 # pool.ntp.org vendor zone which will be used in ntp.conf
 %if 0%{!?vendorzone:1}
 %{?fedora: %global vendorzone fedora.}
-%{?rhel: %global vendorzone centos.}
+%{?rhel: %global vendorzone rhel.}
 %endif
 
 %prep
@@ -557,8 +557,8 @@ popd
 %{ntpdocdir}/html
 
 %changelog
-* Sun Feb 05 2017 CentOS Sources <bugs@centos.org> - 4.2.6p5-25.el7.centos.1
-- rebrand vendorzone
+* Tue Feb 28 2017 Miroslav Lichvar <mlichvar@redhat.com> 4.2.6p5-25.el7_3.2
+- fix CVE-2016-7429 patch to work correctly on multicast client (#1427573)
 
 * Wed Jan 11 2017 Miroslav Lichvar <mlichvar@redhat.com> 4.2.6p5-25.el7_3.1
 - don't limit rate of packets from sources (CVE-2016-7426)