diff --git a/Module-Signature-0.68.tar.gz b/Module-Signature-0.68.tar.gz
deleted file mode 100644
index db7976f..0000000
--- a/Module-Signature-0.68.tar.gz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:623d7d8d26dceac49b043f5bc2d83eea95d6dd75bf09200a6631180774c8eb5f
-size 76485
diff --git a/Module-Signature-0.73.tar.gz b/Module-Signature-0.73.tar.gz
new file mode 100644
index 0000000..df6ac6e
--- /dev/null
+++ b/Module-Signature-0.73.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:718520721888ac4a7d930e26c4cd628ca24d60b2b18bddb081b331731a94bbc5
+size 77407
diff --git a/perl-Module-Signature.changes b/perl-Module-Signature.changes
index 786e613..ce18830 100644
--- a/perl-Module-Signature.changes
+++ b/perl-Module-Signature.changes
@@ -1,3 +1,29 @@
+-------------------------------------------------------------------
+Wed Jul  3 19:14:29 UTC 2013 - chris@computersalat.de
+
+- update to 0.73
+  * fix for bnc#828010 (CVE-2013-2145)
+    https://bugzilla.novell.com/process_bug.cgi
+    https://bugzilla.redhat.com/show_bug.cgi?id=971096
+  * Properly redo the previous fix using File::Spec->file_name_is_absolute.
+- [Changes for 0.72 - Wed Jun  5 23:19:02 CST 2013]
+  * Only allow loading Digest::* from absolute paths in @INC,
+    by ensuring they begin with \ or / characters.
+    Contributed by: Florian Weimer (CVE-2013-2145)
+- [Changes for 0.71 - Tue Jun  4 18:24:10 CST 2013]
+  * Constrain the user-specified digest name to /^\w+\d+$/.
+  * Avoid loading Digest::* from relative paths in @INC.
+    Contributed by: Florian Weimer (CVE-2013-2145)
+- [Changes for 0.70 - Thu Nov 29 01:45:54 CST 2012]
+  * Don't check gpg version if gpg does not exist.
+    This avoids unnecessary warnings during installation
+    when gpg executable is not installed.
+    Contributed by: Kenichi Ishigaki
+- [Changes for 0.69 - Fri Nov  2 23:04:19 CST 2012]
+  * Support for gpg under these alternate names:
+    gpg gpg2 gnupg gnupg2
+    Contributed by: Michael Schwern
+
 -------------------------------------------------------------------
 Mon Dec 19 08:35:22 UTC 2011 - cfarrell@suse.com
 
diff --git a/perl-Module-Signature.spec b/perl-Module-Signature.spec
index 22160e0..5afcb58 100644
--- a/perl-Module-Signature.spec
+++ b/perl-Module-Signature.spec
@@ -1,7 +1,7 @@
 #
 # spec file for package perl-Module-Signature
 #
-# Copyright (c) 2011 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -17,7 +17,7 @@
 
 
 Name:           perl-Module-Signature
-Version:        0.68
+Version:        0.73
 Release:        0
 %define cpan_name Module-Signature
 Summary:        Module signature file manipulation
@@ -29,7 +29,9 @@ BuildArch:      noarch
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 BuildRequires:  perl
 BuildRequires:  perl-macros
+BuildRequires:  perl(Digest::SHA)
 BuildRequires:  perl(IPC::Run)
+Requires:       perl(Digest::SHA)
 # MANUAL BEGIN
 BuildRequires:  gpg
 Requires:       gpg
@@ -58,7 +60,7 @@ if you are using *Module::Build* or writing your own _MANIFEST.SKIP_.
 
 %prep
 %setup -q -n %{cpan_name}-%{version}
-find . -type f -print0 | xargs -0 chmod 644
+#find . -type f -print0 | xargs -0 chmod 644
 
 %build
 %{__perl} Makefile.PL INSTALLDIRS=vendor