diff --git a/libgit2-0.27.4.tar.gz b/libgit2-0.27.4.tar.gz
deleted file mode 100644
index ffa22bb..0000000
--- a/libgit2-0.27.4.tar.gz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:0b7ca31cb959ff1b22afa0da8621782afe61f99242bf716c403802ffbdb21d51
-size 4772254
diff --git a/libgit2-0.27.5.tar.gz b/libgit2-0.27.5.tar.gz
new file mode 100644
index 0000000..0dfc793
--- /dev/null
+++ b/libgit2-0.27.5.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:15f2775f4f325951d9139ed906502b6c71fee6787cada9b045f5994072ccbd33
+size 4775158
diff --git a/libgit2.changes b/libgit2.changes
index 833a469..b5a96aa 100644
--- a/libgit2.changes
+++ b/libgit2.changes
@@ -1,3 +1,19 @@
+-------------------------------------------------------------------
+Sun Oct  7 12:32:42 UTC 2018 - astieger@suse.com
+
+- libgit2 0.27.5:
+  * CVE-2018-17456: Submodule URLs and paths with a leading "-"
+    are now ignored to avoid injecting options into library
+    consumers that perform recursive clones (bsc#1110949)
+  * Avoid a buffer overflow when running repack
+  * Avoid stack overflow from unbounded recursion in configuration
+    file parser
+  * Avoid heap-buffer overflow when parsing "ok" packets
+  * Fix heap-buffer overflows in smart protocol parsing code
+  * Fix potential integer overflows on platforms with 16 bit ints
+  * Fix potential NULL pointer dereference when parsing
+    configuration files
+
 -------------------------------------------------------------------
 Tue Aug 21 08:47:14 UTC 2018 - mpluskal@suse.com
 
diff --git a/libgit2.spec b/libgit2.spec
index 106e191..54183c4 100644
--- a/libgit2.spec
+++ b/libgit2.spec
@@ -19,7 +19,7 @@
 
 %define sover 27
 Name:           libgit2
-Version:        0.27.4
+Version:        0.27.5
 Release:        0
 Summary:        C git library
 License:        GPL-2.0 WITH GCC-exception-2.0