diff --git a/srcpkgs/libsasl/patches/CVE-2019-19906.patch b/srcpkgs/libsasl/patches/CVE-2019-19906.patch
new file mode 100644
index 00000000000..f7edb521e89
--- /dev/null
+++ b/srcpkgs/libsasl/patches/CVE-2019-19906.patch
@@ -0,0 +1,15 @@
+https://github.com/cyrusimap/cyrus-sasl/issues/587
+
+diff --git a/lib/common.c b/lib/common.c
+index bc3bf1df..9969d6aa 100644
+--- a/lib/common.c
++++ b/lib/common.c
+@@ -190,7 +190,7 @@ int _sasl_add_string(char **out, size_t *alloclen,
+
+ if (add==NULL) add = "(null)";
+
+- addlen=strlen(add); /* only compute once */
++ addlen=strlen(add)+1; /* only compute once */
+ if (_buf_alloc(out, alloclen, (*outlen)+addlen)!=SASL_OK)
+ return SASL_NOMEM;
+
diff --git a/srcpkgs/libsasl/template b/srcpkgs/libsasl/template
index b9dbe7bc2f8..a8817042f84 100644
--- a/srcpkgs/libsasl/template
+++ b/srcpkgs/libsasl/template
@@ -1,7 +1,7 @@
 # Template file for 'libsasl'
 pkgname=libsasl
 version=2.1.27
-revision=1
+revision=2
 wrksrc="cyrus-sasl-${version}"
 build_style=gnu-configure
 configure_args="--enable-cram --enable-digest --enable-auth-sasldb
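Review bot: Folding the terminator into `addlen` in the patched `_sasl_add_string` is only safe if `addlen` feeds nothing but the `_buf_alloc` size, and the rest of the function lies outside the hunk, so that cannot be confirmed from here. If the following code also copies `addlen` bytes and advances `*outlen` by it, every append would count the NUL as output and later text would land behind a terminator. Leaving the length as it was and reserving the extra byte at the allocation, `if (_buf_alloc(out, alloclen, (*outlen)+addlen+1)!=SASL_OK)`, covers the terminator without changing the length the function reports. The patch file would also read better with a one-line header next to the issue link saying that the buffer was sized without room for the terminating byte.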