diff --git a/changes/bug20710_025 b/changes/bug20710_025
new file mode 100644
index 000000000..12bd07536
--- /dev/null
+++ b/changes/bug20710_025
@@ -0,0 +1,4 @@
+  o Minor bugfixes (memory leak, use-after-free, linux seccomp2 sandbox):
+    - Fix a memory leak and use-after-free error when removing entries
+      from the sandbox's getaddrinfo() cache. Fixes bug 20710; bugfix on
+      0.2.5.5-alpha. Patch from "cypherpunks".
diff --git a/src/common/sandbox.c b/src/common/sandbox.c
index 24ba8a299..ebc843e13 100644
--- a/src/common/sandbox.c
+++ b/src/common/sandbox.c
@@ -1579,13 +1579,14 @@ sandbox_add_addrinfo(const char *name)
 void
 sandbox_free_getaddrinfo_cache(void)
 {
-  cached_getaddrinfo_item_t **next, **item;
+  cached_getaddrinfo_item_t **next, **item, *this;
 
   for (item = HT_START(getaddrinfo_cache, &getaddrinfo_cache);
        item;
        item = next) {
+    this = *item;
     next = HT_NEXT_RMV(getaddrinfo_cache, &getaddrinfo_cache, item);
-    cached_getaddrinfo_item_free(*item);
+    cached_getaddrinfo_item_free(this);
   }
 
   HT_CLEAR(getaddrinfo_cache, &getaddrinfo_cache);