diff --git a/package/yast2-bootloader.changes b/package/yast2-bootloader.changes
index 0bd2c4fec..5218bf64b 100644
--- a/package/yast2-bootloader.changes
+++ b/package/yast2-bootloader.changes
@@ -1,3 +1,10 @@
+-------------------------------------------------------------------
+Mon Mar  3 10:06:19 UTC 2014 - jreidinger@suse.com
+
+- fix permissions on file which contain encrypted password to be
+  readable only by root(BNC#864544)(CVE#2013-4577)
+- 3.1.7
+
 -------------------------------------------------------------------
 Thu Feb 27 08:32:24 UTC 2014 - jreidinger@suse.com
 
diff --git a/package/yast2-bootloader.spec b/package/yast2-bootloader.spec
index 96a8bf576..a21a33bf7 100644
--- a/package/yast2-bootloader.spec
+++ b/package/yast2-bootloader.spec
@@ -17,7 +17,7 @@
 
 
 Name:           yast2-bootloader
-Version:        3.1.6
+Version:        3.1.7
 Release:        0
 
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
diff --git a/src/lib/bootloader/grub2pwd.rb b/src/lib/bootloader/grub2pwd.rb
index 490eac1cd..b738caef0 100644
--- a/src/lib/bootloader/grub2pwd.rb
+++ b/src/lib/bootloader/grub2pwd.rb
@@ -22,7 +22,7 @@ def enable(password)
 
     Yast::SCR.Write(
       Yast::Path.new(".target.string"),
-      [PWD_ENCRYPTION_FILE, 0755],
+      [PWD_ENCRYPTION_FILE, 0700],
       file_content
     )
   end
diff --git a/test/grub2pwd_test.rb b/test/grub2pwd_test.rb
index 9c8ba6674..3fb8a6e96 100644
--- a/test/grub2pwd_test.rb
+++ b/test/grub2pwd_test.rb
@@ -57,7 +57,7 @@ def mock_file_presence(exists)
         )
       expect(Yast::SCR).to receive(:Write).with(
         kind_of(Yast::Path),
-        [GRUB2Pwd::PWD_ENCRYPTION_FILE, 0755],
+        [GRUB2Pwd::PWD_ENCRYPTION_FILE, 0700],
         /#{passwd}/
       )