diff --git a/bzip2-1.0.5.tar.gz b/bzip2-1.0.5.tar.gz
deleted file mode 100644
index 0d8513b..0000000
--- a/bzip2-1.0.5.tar.gz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:f7bf5368309d76e5daf3a89d4d1bea688dac7780742e7a0ae1af19be9316fe22
-size 841402
diff --git a/bzip2-1.0.6.tar.gz b/bzip2-1.0.6.tar.gz
new file mode 100644
index 0000000..8cf2887
--- /dev/null
+++ b/bzip2-1.0.6.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:a2848f34fcd5d6cf47def00461fcb528a0484d8edef8208d6d2e2909dc61d9cd
+size 782025
diff --git a/bzip2-CVE-2010-0405.patch b/bzip2-CVE-2010-0405.patch
deleted file mode 100644
index 536aedb..0000000
--- a/bzip2-CVE-2010-0405.patch
+++ /dev/null
@@ -1,18 +0,0 @@
-Index: bzip2-1.0.5/decompress.c
-===================================================================
---- bzip2-1.0.5.orig/decompress.c
-+++ bzip2-1.0.5/decompress.c
-@@ -394,6 +394,13 @@ Int32 BZ2_decompress ( DState* s )
- es = -1;
- N = 1;
- do {
-+ /* Check that N doesn't get too big, so that es doesn't
-+ go negative. The maximum value that can be
-+ RUNA/RUNB encoded is equal to the block size (post
-+ the initial RLE), viz, 900k, so bounding N at 2
-+ million should guard against overflow without
-+ rejecting any legitimate inputs. */
-+ if (N >= 2*1024*1024) RETURN(BZ_DATA_ERROR);
- if (nextSym == BZ_RUNA) es = es + (0+1) * N; else
- if (nextSym == BZ_RUNB) es = es + (1+1) * N;
- N = N * 2;
diff --git a/bzip2.changes b/bzip2.changes
index aab2251..492ee1d 100644
--- a/bzip2.changes
+++ b/bzip2.changes
@@ -1,3 +1,10 @@
+-------------------------------------------------------------------
+Thu Sep 23 09:27:21 UTC 2010 - puzel@novell.com
+- update to bzip2-1.0.6 - fixes CVE-2010-0405
+- drop bzip2-CVE-2010-0405 (upstream)
 -------------------------------------------------------------------
 Tue Sep 21 13:54:31 UTC 2010 - puzel@novell.com
diff --git a/bzip2.spec b/bzip2.spec
index 881bf61..e937bdd 100644
--- a/bzip2.spec
+++ b/bzip2.spec
@@ -1,5 +1,5 @@ #
-# spec file for package bzip2 (Version 1.0.5)
+# spec file for package bzip2 (Version 1.0.6)
 #
 # Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany.
 #
@@ -19,7 +19,7 @@ Name: bzip2
-Version: 1.0.5
+Version: 1.0.6
 Release: 46
 Provides: bzip
 Obsoletes: bzip
@@ -45,7 +45,6 @@ Patch: http://pack.suse.cz/sbrabec/bzip2/for_downstream/bzip2-1.0.5-aut
 Patch2: bzip2-maxlen20.patch
 Patch3: bzip2-faster.patch
 Patch5: bzip2-unsafe_strcpy.patch
-Patch6: bzip2-CVE-2010-0405.patch
 BuildRoot: %{_tmppath}/%{name}-%{version}-build
 %description
@@ -109,7 +108,6 @@ Authors:
 %patch2
 %patch3
 %patch5
-%patch6 -p1
 %build
 profile_bzip2()
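Review bot: Dropping `Patch6` and `%patch6 -p1` replaces the locally reviewed bound on `N` in `BZ2_decompress` with whatever the 1.0.6 tarball ships, so the commit should record that the equivalent check was confirmed present in the new `decompress.c` and that the new tarball's sha256 (`a2848f34…dc61d9cd` in the LFS pointer) was compared against upstream's published checksum or signature rather than only against the downloaded file. The remaining `Patch`, `Patch2`, `Patch3` and `Patch5` entries are still applied by `%patch2`/`%patch3`/`%patch5` but were written for 1.0.5 (the first is even named `bzip2-1.0.5-aut…`), and nothing in this diff shows they were rebased, so a build log or a short note in bzip2.changes that they apply cleanly to 1.0.6 would be worth adding. `Release: 46` is left unchanged across the version bump; if the build service does not reset it, a comment on that line saying so would prevent a reviewer reading it as an oversight. The spec's `%prep` and `%build` sections continue outside this hunk.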