diff --git a/utils/vim/Makefile b/utils/vim/Makefile
index 03eeec84a..1e1ec75fe 100644
--- a/utils/vim/Makefile
+++ b/utils/vim/Makefile
@@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
 
 PKG_NAME:=vim
 PKG_VERSION:=8.1
-PKG_RELEASE:=3
+PKG_RELEASE:=4
 VIMVER:=81
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
diff --git a/utils/vim/patches/003-CVE-2019-12735.patch b/utils/vim/patches/003-CVE-2019-12735.patch
new file mode 100644
index 000000000..bf29ce91d
--- /dev/null
+++ b/utils/vim/patches/003-CVE-2019-12735.patch
@@ -0,0 +1,15 @@
+--- a/src/getchar.c
++++ b/src/getchar.c
+@@ -1407,6 +1407,12 @@ openscript(
+ 	emsg(_(e_nesting));
+ 	return;
+     }
++
++    // Disallow sourcing a file in the sandbox, the commands would be executed
++    // later, possibly outside of the sandbox.
++    if (check_secure())
++	return;
++
+ #ifdef FEAT_EVAL
+     if (ignore_script)
+ 	/* Not reading from script, also don't open one.  Warning message? */