diff --git a/srcpkgs/openssh/patches/CVE-2015-5600.patch b/srcpkgs/openssh/patches/CVE-2015-5600.patch
new file mode 100644
index 0000000000..0d98820aea
--- /dev/null
+++ b/srcpkgs/openssh/patches/CVE-2015-5600.patch
@@ -0,0 +1,34 @@
+--- auth2-chall.c	2015/01/19 20:07:45	1.42
++++ auth2-chall.c	2015/07/18 07:57:14	1.43
+@@ -1,4 +1,4 @@
+-/* $OpenBSD: auth2-chall.c,v 1.42 2015/01/19 20:07:45 markus Exp $ */
++/* $OpenBSD: auth2-chall.c,v 1.43 2015/07/18 07:57:14 djm Exp $ */
+ /*
+  * Copyright (c) 2001 Markus Friedl.  All rights reserved.
+  * Copyright (c) 2001 Per Allansson.  All rights reserved.
+@@ -57,6 +57,7 @@
+ 	void *ctxt;
+ 	KbdintDevice *device;
+ 	u_int nreq;
++	u_int devices_done;
+ };
+ 
+ static KbdintAuthctxt *
+@@ -123,11 +124,15 @@
+ 		if (len == 0)
+ 			break;
+ 		for (i = 0; devices[i]; i++) {
+-			if (!auth2_method_allowed(authctxt,
++			if ((kbdintctxt->devices_done & (1 << i)) != 0 ||
++			    !auth2_method_allowed(authctxt,
+ 			    "keyboard-interactive", devices[i]->name))
+ 				continue;
+-			if (strncmp(kbdintctxt->devices, devices[i]->name, len) == 0)
++			if (strncmp(kbdintctxt->devices, devices[i]->name,
++			    len) == 0) {
+ 				kbdintctxt->device = devices[i];
++				kbdintctxt->devices_done |= 1 << i;
++			}
+ 		}
+ 		t = kbdintctxt->devices;
+ 		kbdintctxt->devices = t[len] ? xstrdup(t+len+1) : NULL;
diff --git a/srcpkgs/openssh/template b/srcpkgs/openssh/template
index 1939def028..6b3f09724c 100644
--- a/srcpkgs/openssh/template
+++ b/srcpkgs/openssh/template
@@ -1,7 +1,7 @@
 # Template file for 'openssh'
 pkgname=openssh
 version=6.9p1
-revision=2
+revision=3
 build_style=gnu-configure
 configure_args="--sbindir=/usr/bin --datadir=/usr/share/openssh
  --sysconfdir=/etc/ssh --without-selinux --with-privsep-user=nobody