diff --git a/srcpkgs/python/patches/patch-Modules_socketmodule.c b/srcpkgs/python/patches/patch-Modules_socketmodule.c
new file mode 100644
index 00000000000..1d88fd921c1
--- /dev/null
+++ b/srcpkgs/python/patches/patch-Modules_socketmodule.c
@@ -0,0 +1,19 @@
+$NetBSD$
+
+Fix vulnerability reported in SA56624. Patch taken from here:
+
+http://hg.python.org/cpython/rev/87673659d8f7
+
+--- Modules/socketmodule.c.orig	2013-11-10 07:36:41.000000000 +0000
++++ Modules/socketmodule.c	2014-02-09 08:41:25.000000000 +0000
+@@ -2742,6 +2742,10 @@
+     if (recvlen == 0) {
+         /* If nbytes was not specified, use the buffer's length */
+         recvlen = buflen;
++    } else if (recvlen > buflen) {
++        PyErr_SetString(PyExc_ValueError,
++                        "nbytes is greater than the length of the buffer");
++        goto error;
+     }
+ 
+     readlen = sock_recvfrom_guts(s, buf.buf, recvlen, flags, &addr);
diff --git a/srcpkgs/python/template b/srcpkgs/python/template
index 818413f64e2..4045abf1316 100644
--- a/srcpkgs/python/template
+++ b/srcpkgs/python/template
@@ -1,8 +1,11 @@
 # Template build file for 'python'.
 pkgname=python
 version=2.7.6
-revision=4
+revision=5
 wrksrc="Python-${version}"
+hostmakedepends="pkg-config"
+makedepends="libffi-devel readline-devel gdbm-devel openssl-devel expat-devel sqlite-devel bzip2-devel zlib-devel"
+pycompile_dirs="usr/lib/python2.7"
 short_desc="Interpreted, interactive, object-oriented programming language"
 maintainer="Juan RP <xtraeme@gmail.com>"
 homepage="http://www.python.org"
@@ -10,17 +13,6 @@ license="PSF"
 distfiles="http://www.python.org/ftp/python/$version/Python-$version.tar.xz"
 checksum=1fd68e81f8bf7386ff239b7faee9ba387129d2cf34eab13350bd8503a0bff6a1
 
-hostmakedepends="pkg-config"
-makedepends="libffi-devel readline-devel gdbm-devel openssl-devel
- expat-devel sqlite-devel bzip2-devel zlib-devel"
-pycompile_dirs="usr/lib/python2.7"
-
-configure_args="
- --with-threads --enable-ipv6 --with-signal-module --enable-shared
- --with-system-ffi --enable-unicode=ucs4 --with-system-expat
- --with-wctype-functions ac_cv_file__dev_ptc=no ac_cv_file__dev_ptmx=yes
- ac_cv_have_long_long_format=yes"
-
 pre_configure() {
 	# Ensure that internal copies of expat, libffi and zlib are not used.
 	rm -r Modules/expat
@@ -29,16 +21,21 @@ pre_configure() {
 }
 
 do_configure() {
-	unset CC LD AR AS RANLIB
+	unset CC CXX LD AR AS RANLIB
 	if [ "$CROSS_BUILD" ]; then
-		CFLAGS=-Os LDFLAGS= ./configure
-		make python
+		CFLAGS=-Os CXXFLAGS= LDFLAGS= ./configure
+		make ${makejobs} python
 		mkdir hostpython
 		mv python hostpython
 		make distclean
 		patch -Np0 -i ${FILESDIR}/Python-${version}-xcompile.patch
 	fi
-	./configure --build=${XBPS_MACHINE}-unknown-linux-gnu ${configure_args}
+	./configure ${configure_args} --build=${XBPS_MACHINE}-unknown-linux-gnu \
+		--with-threads --enable-ipv6 --with-signal-module \
+		--with-system-ffi --enable-unicode=ucs4 --with-system-expat \
+		--with-wctype-functions --enable-shared \
+		ac_cv_file__dev_ptc=no ac_cv_file__dev_ptmx=yes \
+		ac_cv_have_long_long_format=yes
 }
 
 do_build() {