diff --git a/srcpkgs/shadow/patches/CVE-2016-6252.patch b/srcpkgs/shadow/patches/CVE-2016-6252.patch
new file mode 100644
index 00000000000..cfeedf0506d
--- /dev/null
+++ b/srcpkgs/shadow/patches/CVE-2016-6252.patch
@@ -0,0 +1,28 @@
+--- lib/getulong.c
++++ lib/getulong.c
+@@ -44,22 +44,19 @@
+  */
+ int getulong (const char *numstr, /*@out@*/unsigned long int *result)
+ {
+-	long long int val;
++	unsigned long int val;
+ 	char *endptr;
+ 
+ 	errno = 0;
+-	val = strtoll (numstr, &endptr, 0);
++	val = strtoul (numstr, &endptr, 0);
+ 	if (    ('\0' == *numstr)
+ 	     || ('\0' != *endptr)
+ 	     || (ERANGE == errno)
+-	     /*@+ignoresigns@*/
+-	     || (val != (unsigned long int)val)
+-	     /*@=ignoresigns@*/
+ 	   ) {
+ 		return 0;
+ 	}
+ 
+-	*result = (unsigned long int)val;
++	*result = val;
+ 	return 1;
+ }
+ 
diff --git a/srcpkgs/shadow/template b/srcpkgs/shadow/template
index e6c28d8873f..0bc6cbff1f2 100644
--- a/srcpkgs/shadow/template
+++ b/srcpkgs/shadow/template
@@ -1,7 +1,7 @@
 # Template file for 'shadow'
 pkgname=shadow
 version=4.2.1
-revision=14
+revision=15
 build_style=gnu-configure
 configure_args="--bindir=/usr/bin --sbindir=/usr/bin
  --libdir=/usr/lib --enable-shared --disable-static