diff --git a/net/strongswan4/Makefile b/net/strongswan4/Makefile
index 65f03ce09..30440202b 100644
--- a/net/strongswan4/Makefile
+++ b/net/strongswan4/Makefile
@@ -1,5 +1,5 @@
 # 
-# Copyright (C) 2010-2011 OpenWrt.org
+# Copyright (C) 2010-2012 OpenWrt.org
 #
 # This is free software, licensed under the GNU General Public License v2.
 # See /LICENSE for more information.
@@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
 
 PKG_NAME:=strongswan
 PKG_VERSION:=4.5.3
-PKG_RELEASE:=1
+PKG_RELEASE:=2
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
 PKG_SOURCE_URL:=http://download.strongswan.org/
diff --git a/net/strongswan4/patches/400-CVE-2012-2388.patch b/net/strongswan4/patches/400-CVE-2012-2388.patch
new file mode 100644
index 000000000..2ea59184e
--- /dev/null
+++ b/net/strongswan4/patches/400-CVE-2012-2388.patch
@@ -0,0 +1,21 @@
+From 5a858c3197bbda9acda5289003e9015bef560dc7 Mon Sep 17 00:00:00 2001
+From: Martin Willi <martin@revosec.ch>
+Date: Mon, 7 May 2012 13:51:46 +0200
+Subject: [PATCH] Fix boolean return value if an empty RSA signature is
+ detected in gmp plugin
+
+---
+ src/libstrongswan/plugins/gmp/gmp_rsa_public_key.c |    2 +-
+ 1 files changed, 1 insertions(+), 1 deletions(-)
+
+--- a/src/libstrongswan/plugins/gmp/gmp_rsa_public_key.c
++++ b/src/libstrongswan/plugins/gmp/gmp_rsa_public_key.c
+@@ -137,7 +137,7 @@ static bool verify_emsa_pkcs1_signature(
+ 
+ 	if (signature.len == 0 || signature.len > this->k)
+ 	{
+-		return INVALID_ARG;
++		return FALSE;
+ 	}
+ 
+ 	/* unpack signature */