diff --git a/ImageMagick-6.8.8-1-disable-insecure-coders.patch b/ImageMagick-6.8.8-1-disable-insecure-coders.patch
index 6ce2835..35b7335 100644
--- a/ImageMagick-6.8.8-1-disable-insecure-coders.patch
+++ b/ImageMagick-6.8.8-1-disable-insecure-coders.patch
@@ -1,11 +1,11 @@
-Index: ImageMagick-6.9.4-1/config/policy.xml
+Index: ImageMagick-6.9.4-5/config/policy.xml
===================================================================
---- ImageMagick-6.9.4-1.orig/config/policy.xml 2016-05-09 19:28:58.000000000 +0200
-+++ ImageMagick-6.9.4-1/config/policy.xml 2016-05-17 11:09:37.470928022 +0200
-@@ -64,4 +64,15 @@
-
-
-
+--- ImageMagick-6.9.4-5.orig/config/policy.xml 2016-05-31 10:30:53.221396378 +0200
++++ ImageMagick-6.9.4-5/config/policy.xml 2016-05-31 10:31:24.605900830 +0200
+@@ -66,4 +66,15 @@
+
+
+
+
+
+
diff --git a/ImageMagick-6.9.4-1.tar.xz b/ImageMagick-6.9.4-1.tar.xz
deleted file mode 100644
index 08e287d..0000000
--- a/ImageMagick-6.9.4-1.tar.xz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:2ea0fef839cd5d6f134502b7cf7ee0e57a3f230b19771515d4aa44354f4c6b3b
-size 8789688
diff --git a/ImageMagick-6.9.4-1.tar.xz.asc b/ImageMagick-6.9.4-1.tar.xz.asc
deleted file mode 100644
index c60bc0e..0000000
--- a/ImageMagick-6.9.4-1.tar.xz.asc
+++ /dev/null
@@ -1,17 +0,0 @@
------BEGIN PGP SIGNATURE-----
-Version: GnuPG v1
-
-iQIcBAABAgAGBQJXMTreAAoJEImrY9SCdzd6H30P/RG55RDq9x9co7ff6DVcVIqh
-6/zgKm1cvhgk3ssaaqXuQMlqITfDEo4vKfYFapJMYlSPY8o3p+6WWwGSVGurZiLR
-smhlqPLPIyaRmnwoBpiTb+LgzeLfauxznaXI1uh0T2oFPu3UkFay9ChIh1gI2whk
-8HU3fB3EMo8E6Zykb3qsBf4tL59/QJeVyJBa/C1byq1kqZDGaDOhsSalupeIWNSp
-FWpRLp7Gw77r4zyrr6TIjEayY+tgm6zvVJPl2ipvGZ/o+1HkOozhUJp3ni+tWDA4
-UkhJBZIqwc2BETIIl9u3hXI/m8UJ69198b1X0XMpcH7K81iEpOp9kYAfqZfXJjBp
-9Krc0fXLaeaDkSVc70xzXyJwbKJst61gJcCp017+Am+ZLOpxqFuJSOJS6Ua2Fjec
-p/6YuIaxNbI+if8E3Yy34DZh0AojPJ0+GoZk8ZChZL8q9X70eX8Vw04MrUKExS3M
-IK5at4Fk/HRTvfj9gOG+TxChjWcnfpJDr3g+VTIsTFmBqZ4fBkHyFCMPxFTUkCif
-TF6AoGrZxdSOdpDstk6nNDJfzI/n/mipnORRxxivLswrA8gabt04AZJT+fww7Y4x
-rRaBglb7W+GgZSo4yS/Ve+wYLQf8Rhwi2JayJicJ2RnaAyRb4v0eHcHrua4yF5eM
-o6IQM3HqSMPUrXs3uiSp
-=UZ1q
------END PGP SIGNATURE-----
diff --git a/ImageMagick-6.9.4-5.tar.xz b/ImageMagick-6.9.4-5.tar.xz
new file mode 100644
index 0000000..36941a8
--- /dev/null
+++ b/ImageMagick-6.9.4-5.tar.xz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:39a65b8e2371db36cb63709dea0b15f08a6870f8ce6103432f068112d9513c5a
+size 8784244
diff --git a/ImageMagick-6.9.4-5.tar.xz.asc b/ImageMagick-6.9.4-5.tar.xz.asc
new file mode 100644
index 0000000..e9b8fe7
--- /dev/null
+++ b/ImageMagick-6.9.4-5.tar.xz.asc
@@ -0,0 +1,17 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1
+
+iQIcBAABAgAGBQJXTFLsAAoJEImrY9SCdzd6GLgQAJeeF5t6PQkb8dAuyc9Ss5j7
+xeg2mG7ez716czxZHzfGkHEDUAUhwpxcNGvR8mIYUpfDQU6C6XdS1DdFCWwfDXdA
+2KcCtsmjHyWVlkLR+HNg76zq11GSXeLaXS2xTuoiXvzYKuUL5izy7rwVQ3j4LPSM
+MptdXajRLQVX1NvHAAuRSTG1vAddd5FGKWx1mNfKEUPXiD++OA+YyoaPlH6SZeMc
+jlHYSpLOsVIobgShbqPo91w4LJ/ofSUFQqK/99tTeGMaxrfEmn8TtWp44g7vZrFO
+Zlmuxmpe9d9PUAPqE2mc8qFfa7/tVi+qiIdgio3cELT2f0bS5woSN5vRo2SsA6Cm
+QtD615yXSrxrG2CQ5vINhRmHK2OoQLheIRzIhZcvgrIJejxsA3ku8LAdvddXHzG5
+UB4AngmaQX8Y9/FGZHpJLD0xkn/k+zNySALQvq+67MJLQI8G63bJfZXssWTk5az8
+G3Z25Z2x+rmkvUlJj7qEUHLhZ50GkSjxHJUixKYwYd24C+ga0fJDtyr9cPQPoUPj
+K7+CwtdO3cV8FM71e1koJuvMcdnhVIezn556U70uQB8FchuLSQ6lGFO/3Ar3gBu8
+4pkrK0+tDKJSC+mXMDUL8Jr+wY+dGL+ZXmYTI7TP4WwEyyT3dqimTWcEQjJEBKNS
+M1q6F1wzyRsCLS9EYOdg
+=Y14c
+-----END PGP SIGNATURE-----
diff --git a/ImageMagick-CVE-2016-5118.patch b/ImageMagick-CVE-2016-5118.patch
new file mode 100644
index 0000000..0505061
--- /dev/null
+++ b/ImageMagick-CVE-2016-5118.patch
@@ -0,0 +1,14 @@
+Index: ImageMagick-6.9.4-1/magick/blob.c
+===================================================================
+--- ImageMagick-6.9.4-1.orig/magick/blob.c 2016-05-09 19:28:58.000000000 +0200
++++ ImageMagick-6.9.4-1/magick/blob.c 2016-05-30 17:33:03.569022390 +0200
+@@ -80,6 +80,9 @@
+ Define declarations.
+ */
+ #define MagickMaxBlobExtent 65541
++
++#undef MAGICKCORE_HAVE_POPEN
++
+ #if !defined(MAP_ANONYMOUS) && defined(MAP_ANON)
+ # define MAP_ANONYMOUS MAP_ANON
+ #endif
diff --git a/ImageMagick.changes b/ImageMagick.changes
index 921700e..cc0a6ce 100644
--- a/ImageMagick.changes
+++ b/ImageMagick.changes
@@ -1,3 +1,32 @@
+-------------------------------------------------------------------
+Tue May 31 08:32:29 UTC 2016 - pgajdos@suse.com
+
+- updated to 6.9.4-5:
+ * Most OpenCL operations are now executed asynchronous.
+ * Security improvements to TEXT coder broke it (reference
+ https://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=29754).
+ * Fix stroke offset problem for -annotate (reference
+ https://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=29626).
+ * Add additional checks to DCM reader to prevent data-driven faults (bug
+ report from Hanno Böck).
+ * Fixed proper placement of text annotation for east / west gravity.
+2016-05-15 6.9.4-3 Cristy
+ * Fix pixel cache on disk regression (reference
+ https://github.com/ImageMagick/ImageMagick/issues/202).
+ * Quote passwords when passed to a delegate program.
+ * Can read geo-related EXIF metdata once-again (reference
+ https://github.com/ImageMagick/ImageMagick/issues/198).
+ * Sanitize all delegate emedded formatting characters.
+ * Don't sync pixel cache in AcquireAuthenticCacheView() (bug report from
+ Hanno Böck).
+
+-------------------------------------------------------------------
+Tue May 31 07:23:22 UTC 2016 - pgajdos@suse.com
+
+- security update:
+ * CVE-2016-5118 [bsc#982178]
+ + ImageMagick-CVE-2016-5118.patch
+
-------------------------------------------------------------------
Tue May 17 09:10:23 UTC 2016 - pgajdos@suse.com
diff --git a/ImageMagick.spec b/ImageMagick.spec
index 7c7bfb7..9654a24 100644
--- a/ImageMagick.spec
+++ b/ImageMagick.spec
@@ -63,7 +63,7 @@ BuildRequires: zip
%define maj 6
%define mfr_version %{maj}.9.4
-%define mfr_revision 1
+%define mfr_revision 5
%define quantum_depth 16
%define source_version %{mfr_version}-%{mfr_revision}
%define clibver 2
@@ -93,6 +93,7 @@ Patch4: ImageMagick-6.8.5.7-no-XPMCompliance.patch
# will ask upstream if needed, or if other solution exists
Patch11: ImageMagick-6.8.4.0-dont-build-in-install.patch
Patch20: ImageMagick-6.8.8-1-disable-insecure-coders.patch
+Patch21: ImageMagick-CVE-2016-5118.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-build
%package -n perl-PerlMagick
@@ -253,6 +254,7 @@ HTML documentation for ImageMagick library and scene examples.
%patch4
%patch11
%patch20 -p1
+%patch21 -p1
# remove executeable bits from per demos
chmod -x PerlMagick/demo/*.pl