diff --git a/srcpkgs/nginx/patches/cve-2016-4450.patch b/srcpkgs/nginx/patches/cve-2016-4450.patch
new file mode 100644
index 00000000000..b2ff7d04637
--- /dev/null
+++ b/srcpkgs/nginx/patches/cve-2016-4450.patch
@@ -0,0 +1,16 @@
+http://mailman.nginx.org/pipermail/nginx-announce/2016/000179.html
+
+--- src/os/unix/ngx_files.c
++++ src/os/unix/ngx_files.c
+@@ -183,6 +183,12 @@ ngx_write_chain_to_file(ngx_file_t *file
+         /* create the iovec and coalesce the neighbouring bufs */
+ 
+         while (cl && vec.nelts < IOV_MAX) {
++
++            if (ngx_buf_special(cl->buf)) {
++                cl = cl->next;
++                continue;
++            }
++
+             if (prev == cl->buf->pos) {
+                 iov->iov_len += cl->buf->last - cl->buf->pos;
diff --git a/srcpkgs/nginx/template b/srcpkgs/nginx/template
index eed5da14f44..a6563266f49 100644
--- a/srcpkgs/nginx/template
+++ b/srcpkgs/nginx/template
@@ -1,7 +1,7 @@
 # Template file for 'nginx'
 pkgname=nginx
 version=1.8.1
-revision=4
+revision=5
 makedepends="pcre-devel libressl-devel $(vopt_if geoip geoip-devel)"
 if [ "$CROSS_BUILD" ]; then
 	# fake configure run on host