diff --git a/avahi-CVE-2021-3468.patch b/avahi-CVE-2021-3468.patch
new file mode 100644
index 0000000..1f9673f
--- /dev/null
+++ b/avahi-CVE-2021-3468.patch
@@ -0,0 +1,40 @@
+From 447affe29991ee99c6b9732fc5f2c1048a611d3b Mon Sep 17 00:00:00 2001
+From: Riccardo Schirone <sirmy15@gmail.com>
+Date: Fri, 26 Mar 2021 11:50:24 +0100
+Subject: [PATCH] Avoid infinite-loop in avahi-daemon by handling HUP event in
+ client_work
+
+If a client fills the input buffer, client_work() disables the
+AVAHI_WATCH_IN event, thus preventing the function from executing the
+`read` syscall the next times it is called. However, if the client then
+terminates the connection, the socket file descriptor receives a HUP
+event, which is not handled, thus the kernel keeps marking the HUP event
+as occurring. While iterating over the file descriptors that triggered
+an event, the client file descriptor will keep having the HUP event and
+the client_work() function is always called with AVAHI_WATCH_HUP but
+without nothing being done, thus entering an infinite loop.
+
+See https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=984938
+---
+ avahi-daemon/simple-protocol.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/avahi-daemon/simple-protocol.c b/avahi-daemon/simple-protocol.c
+index 3e0ebb1..6c0274d 100644
+--- a/avahi-daemon/simple-protocol.c
++++ b/avahi-daemon/simple-protocol.c
+@@ -424,6 +424,11 @@ static void client_work(AvahiWatch *watch, AVAHI_GCC_UNUSED int fd, AvahiWatchEv
+         }
+     }
+ 
++    if (events & AVAHI_WATCH_HUP) {
++        client_free(c);
++        return;
++    }
++
+     c->server->poll_api->watch_update(
+         watch,
+         (c->outbuf_length > 0 ? AVAHI_WATCH_OUT : 0) |
+-- 
+2.31.1
+
diff --git a/avahi.spec b/avahi.spec
index 334d336..1bb9e3e 100644
--- a/avahi.spec
+++ b/avahi.spec
@@ -68,7 +68,7 @@
 Summary:	Avahi service discovery (mDNS/DNS-SD) suite
 Name:		avahi
 Version:	0.6.32
-Release:	14
+Release:	15
 License:	LGPLv2+
 Group:		System/Servers
 Url:		http://avahi.org/
@@ -80,6 +80,7 @@ Patch0:		avahi-0.6.31-gtk-is-broken-beyond-repair-gtk-die-die-die.patch
 Patch1:		avahi-0.6.31.workaround.patch
 Patch2:		avahi-0.6.31-avahi-gir-fixup.patch
 Patch3:		avahi-0.6.32-CVE-2017-6519.patch
+Patch4:		avahi-CVE-2021-3468.patch
 BuildRequires:	intltool
 BuildRequires:	pygtk2.0
 BuildRequires:	cap-devel