diff --git a/screen-cc.patch b/screen-cc.patch
new file mode 100644
index 0000000..2c2e94d
--- /dev/null
+++ b/screen-cc.patch
@@ -0,0 +1,323 @@
+commit 6eb1f1426bfd99f88d927838d51eabc2b13e73af
+Author: Miroslav Lichvar <mlichvar@redhat.com>
+Date:   Thu Jan 13 17:37:47 2011 +0100
+
+    Avoid dereferencing null pointer in utmp.c.
+
+diff --git a/src/utmp.c b/src/utmp.c
+index aae1948..fa8b87b 100644
+--- a/src/utmp.c
++++ b/src/utmp.c
+@@ -575,7 +575,7 @@ struct win *wi;
+     return ut_delete_user(slot, u.ut_pid, 0, 0) != 0;
+ #endif
+ #ifdef HAVE_UTEMPTER
+-  if (eff_uid && wi->w_ptyfd != -1)
++  if (eff_uid && wi && wi->w_ptyfd != -1)
+     {
+       /* sigh, linux hackers made the helper functions void */
+       if (SLOT_USED(u))
+
+commit 4ebd6db10c712eb56d4e61f1a8d4a41d0465ed89
+Author: Miroslav Lichvar <mlichvar@redhat.com>
+Date:   Thu Jan 13 17:36:06 2011 +0100
+
+    Add more tty checks.
+
+diff --git a/src/extern.h b/src/extern.h
+index 2b9722e..c787d99 100644
+--- a/src/extern.h
++++ b/src/extern.h
+@@ -110,6 +110,7 @@ extern void  brktty __P((int));
+ extern struct baud_values *lookup_baud __P((int bps));
+ extern int   SetBaud __P((struct mode *, int, int));
+ extern int   SttyMode __P((struct mode *, char *));
++extern int   CheckTtyname __P((char *));
+ 
+ 
+ /* mark.c */
+diff --git a/src/screen.c b/src/screen.c
+index 3dde3b4..cc8f565 100644
+--- a/src/screen.c
++++ b/src/screen.c
+@@ -970,8 +970,13 @@ char **av;
+ 	else \
+ 	  attach_tty = ""; \
+       } \
+-    else if (stat(attach_tty, &st)) \
+-      Panic(errno, "Cannot access '%s'", attach_tty); \
++    else \
++      { \
++	if (stat(attach_tty, &st)) \
++	  Panic(errno, "Cannot access '%s'", attach_tty); \
++	if (CheckTtyname(attach_tty)) \
++	  Panic(0, "Bad tty '%s'", attach_tty); \
++      } \
+     if (strlen(attach_tty) >= MAXPATHLEN) \
+       Panic(0, "TtyName too long - sorry."); \
+   } while (0)
+diff --git a/src/tty.sh b/src/tty.sh
+index f2afd54..e264796 100644
+--- a/src/tty.sh
++++ b/src/tty.sh
+@@ -60,6 +60,7 @@ exit 0
+ #include <sys/types.h>
+ #include <signal.h>
+ #include <fcntl.h>
++#include <sys/stat.h>
+ #ifndef sgi
+ # include <sys/file.h>
+ #endif
+@@ -1506,6 +1507,19 @@ int ibaud, obaud;
+   return 0;
+ }
+ 
++
++int
++CheckTtyname (tty)
++char *tty;
++{
++  struct stat st;
++
++  if (lstat(tty, &st) || !S_ISCHR(st.st_mode) ||
++     (st.st_nlink > 1 && strncmp(tty, "/dev/", 5)))
++    return -1;
++  return 0;
++}
++
+ /*
+  *  Write out the mode struct in a readable form
+  */
+diff --git a/src/utmp.c b/src/utmp.c
+index afa0948..aae1948 100644
+--- a/src/utmp.c
++++ b/src/utmp.c
+@@ -361,7 +361,7 @@ RemoveLoginSlot()
+       char *tty;
+       debug("couln't zap slot -> do mesg n\n");
+       D_loginttymode = 0;
+-      if ((tty = ttyname(D_userfd)) && stat(tty, &stb) == 0 && (int)stb.st_uid == real_uid && ((int)stb.st_mode & 0777) != 0666)
++      if ((tty = ttyname(D_userfd)) && stat(tty, &stb) == 0 && (int)stb.st_uid == real_uid && !CheckTtyname(tty) && ((int)stb.st_mode & 0777) != 0666)
+ 	{
+ 	  D_loginttymode = (int)stb.st_mode & 0777;
+ 	  chmod(D_usertty, stb.st_mode & 0600);
+@@ -387,7 +387,7 @@ RestoreLoginSlot()
+     }
+   UT_CLOSE;
+   D_loginslot = (slot_t)0;
+-  if (D_loginttymode && (tty = ttyname(D_userfd)))
++  if (D_loginttymode && (tty = ttyname(D_userfd)) && !CheckTtyname(tty))
+     chmod(tty, D_loginttymode);
+ }
+ 
+@@ -853,7 +853,7 @@ getlogin()
+ 
+   for (fd = 0; fd <= 2 && (tty = ttyname(fd)) == NULL; fd++)
+     ;
+-  if ((tty == NULL) || ((fd = open(UTMP_FILE, O_RDONLY)) < 0))
++  if ((tty == NULL) || CheckTtyname(tty) || ((fd = open(UTMP_FILE, O_RDONLY)) < 0))
+     return NULL;
+   tty = stripdev(tty);
+   retbuf[0] = '\0';
+
+commit 8e7fcb821dc7204a27d88707284e259444671c12
+Author: Miroslav Lichvar <mlichvar@redhat.com>
+Date:   Thu Jan 13 17:31:16 2011 +0100
+
+    Don't assign address of auto variable to outer scope symbol.
+
+diff --git a/src/socket.c b/src/socket.c
+index 940034d..7507d75 100644
+--- a/src/socket.c
++++ b/src/socket.c
+@@ -722,6 +722,7 @@ struct msg *mp;
+   char *args[MAXARGS];
+   register int n;
+   register char **pp = args, *p = mp->m.create.line;
++  char buf[20];
+ 
+   nwin = nwin_undef;
+   n = mp->m.create.nargs;
+@@ -731,7 +732,6 @@ struct msg *mp;
+   if (n)
+     {
+       int l, num;
+-      char buf[20];
+ 
+       l = strlen(p);
+       if (IsNumColon(p, 10, buf, sizeof(buf)))
+
+commit 2a0e0dc7e05b36f374a074f6627efece3695f8c7
+Author: Miroslav Lichvar <mlichvar@redhat.com>
+Date:   Thu Jan 13 17:24:04 2011 +0100
+
+    Remove redundant if statements.
+
+diff --git a/src/braille_tsi.c b/src/braille_tsi.c
+index 6768291..6f84913 100644
+--- a/src/braille_tsi.c
++++ b/src/braille_tsi.c
+@@ -127,7 +127,6 @@ display_status_tsi()
+   r = read(bd.bd_fd,ibuf,1);
+   if (r != 1)
+     return -1;
+-  if (r != -1)
+   if (ibuf[0] == 'V')
+     r = read(bd.bd_fd, ibuf, 3);
+   else
+diff --git a/src/fileio.c b/src/fileio.c
+index 88fbf64..bd29011 100644
+--- a/src/fileio.c
++++ b/src/fileio.c
+@@ -80,8 +80,6 @@ register char *str1, *str2;
+     }
+   else
+     {
+-      if (len1 == 0)
+-	return 0;
+       if ((cp = malloc((unsigned) len1 + add_colon + 1)) == NULL)
+ 	Panic(0, "%s", strnomem);
+       cp[len1 + add_colon] = '\0';
+
+commit e75e7a0cf5319e10aae0c45e17ce70d86ef2aee8
+Author: Miroslav Lichvar <mlichvar@redhat.com>
+Date:   Thu Jan 13 17:18:59 2011 +0100
+
+    Set PAM_TTY item.
+
+diff --git a/src/attacher.c b/src/attacher.c
+index 1fab5b2..460f1ea 100644
+--- a/src/attacher.c
++++ b/src/attacher.c
+@@ -861,6 +861,7 @@ screen_builtin_lck()
+ #ifdef USE_PAM
+   pam_handle_t *pamh = 0;
+   int pam_error;
++  char *tty_name;
+ #else
+   char *pass, mypass[16 + 1], salt[3];
+ #endif
+@@ -932,6 +933,15 @@ screen_builtin_lck()
+       pam_error = pam_start("screen", ppp->pw_name, &PAM_conversation, &pamh);
+       if (pam_error != PAM_SUCCESS)
+ 	AttacherFinit(SIGARG);		/* goodbye */
++
++      if (strncmp(attach_tty, "/dev/", 5) == 0)
++	tty_name = attach_tty + 5;
++      else
++	tty_name = attach_tty;
++      pam_error = pam_set_item(pamh, PAM_TTY, tty_name);
++      if (pam_error != PAM_SUCCESS)
++	AttacherFinit(SIGARG);		/* goodbye */
++
+       pam_error = pam_authenticate(pamh, 0);
+       pam_end(pamh, pam_error);
+       PAM_conversation.appdata_ptr = 0;
+
+commit eb2e13f633f9615e9b60f19e1649f46bd07b2802
+Author: Miroslav Lichvar <mlichvar@redhat.com>
+Date:   Thu Jan 13 17:16:59 2011 +0100
+
+    Check return code from setgid/setuid.
+
+diff --git a/src/attacher.c b/src/attacher.c
+index 370d594..1fab5b2 100644
+--- a/src/attacher.c
++++ b/src/attacher.c
+@@ -185,8 +185,8 @@ int how;
+ 	  if (ret == SIG_POWER_BYE)
+ 	    {
+ 	      int ppid;
+-	      setgid(real_gid);
+-	      setuid(real_uid);
++	      if (setgid(real_gid) || setuid(real_uid))
++		Panic(errno, "setuid/gid");
+ 	      if ((ppid = getppid()) > 1)
+ 		Kill(ppid, SIGHUP);
+ 	      exit(0);
+@@ -282,7 +282,10 @@ int how;
+ #ifdef MULTIUSER
+   if (!multiattach)
+ #endif
+-    setuid(real_uid);
++    {
++      if (setuid(real_uid))
++        Panic(errno, "setuid");
++    }
+ #if defined(MULTIUSER) && defined(USE_SETEUID)
+   else
+     {
+@@ -290,7 +293,8 @@ int how;
+       xseteuid(real_uid); /* multi_uid, allow backend to send signals */
+     }
+ #endif
+-  setgid(real_gid);
++  if (setgid(real_gid))
++    Panic(errno, "setgid");
+   eff_uid = real_uid;
+   eff_gid = real_gid;
+ 
+@@ -486,7 +490,8 @@ AttacherFinit SIGDEFARG
+ #ifdef MULTIUSER
+   if (tty_oldmode >= 0)
+     {
+-      setuid(own_uid);
++      if (setuid(own_uid))
++        Panic(errno, "setuid");
+       chmod(attach_tty, tty_oldmode);
+     }
+ #endif
+@@ -504,11 +509,14 @@ AttacherFinitBye SIGDEFARG
+   if (multiattach)
+     exit(SIG_POWER_BYE);
+ #endif
+-  setgid(real_gid);
++  if (setgid(real_gid))
++    Panic(errno, "setgid");
+ #ifdef MULTIUSER
+-  setuid(own_uid);
++  if (setuid(own_uid))
++    Panic(errno, "setuid");
+ #else
+-  setuid(real_uid);
++  if (setuid(real_uid))
++    Panic(errno, "setuid");
+ #endif
+   /* we don't want to disturb init (even if we were root), eh? jw */
+   if ((ppid = getppid()) > 1)
+@@ -679,11 +687,14 @@ static sigret_t
+ LockHup SIGDEFARG
+ {
+   int ppid = getppid();
+-  setgid(real_gid);
++  if (setgid(real_gid))
++    Panic(errno, "setgid");
+ #ifdef MULTIUSER
+-  setuid(own_uid);
++  if (setuid(own_uid))
++    Panic(errno, "setuid");
+ #else
+-  setuid(real_uid);
++  if (setuid(real_uid))
++    Panic(errno, "setuid");
+ #endif
+   if (ppid > 1)
+     Kill(ppid, SIGHUP);
+@@ -710,11 +721,14 @@ LockTerminal()
+       if ((pid = fork()) == 0)
+         {
+           /* Child */
+-          setgid(real_gid);
++          if (setgid(real_gid))
++            Panic(errno, "setgid");
+ #ifdef MULTIUSER
+-          setuid(own_uid);
++          if (setuid(own_uid))
++            Panic(errno, "setuid");
+ #else
+-          setuid(real_uid);	/* this should be done already */
++          if (setuid(real_uid))   /* this should be done already */
++            Panic(errno, "setuid");
+ #endif
+           closeallfiles(0);	/* important: /etc/shadow may be open */
+           execl(prg, "SCREEN-LOCK", NULL);
diff --git a/screen.spec b/screen.spec
index cd2a467..5255c24 100644
--- a/screen.spec
+++ b/screen.spec
@@ -21,6 +21,7 @@ Source2: screen.tmpfs
 Patch1: screen-4.0.3-libs.patch
 Patch2: screen-4.0.3-screenrc.patch
 Patch3: screen-ipv6.patch
+Patch4: screen-cc.patch
 
 %description
 The screen utility allows you to have multiple logins on just one
@@ -37,6 +38,7 @@ support multiple logins on one terminal.
 %patch1 -p1 -b .libs
 %patch2 -p1 -b .screenrc
 %patch3 -p2 -b .ipv6
+%patch4 -p2 -b .cc
 
 %build
 ./autogen.sh