diff --git a/curl-7.37.1.tar.lzma b/curl-7.37.1.tar.lzma
deleted file mode 100644
index 67e3691..0000000
--- a/curl-7.37.1.tar.lzma
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:add81a810081a9f8009d68eecdc2f53c4504cd8368084507917371e42181ce83
-size 2597059
diff --git a/curl-7.37.1.tar.lzma.asc b/curl-7.37.1.tar.lzma.asc
deleted file mode 100644
index 1dc6070..0000000
--- a/curl-7.37.1.tar.lzma.asc
+++ /dev/null
@@ -1,7 +0,0 @@
------BEGIN PGP SIGNATURE-----
-Version: GnuPG v1
-
-iEYEABECAAYFAlPGjoIACgkQeOEcayedXJEelACg3KLWyIN61do2wGJDBbD7OuKE
-BvUAoLM3qS3woSWA33C4+eWHxESUBJhX
-=4sUq
------END PGP SIGNATURE-----
diff --git a/curl-7.38.0.tar.lzma b/curl-7.38.0.tar.lzma
new file mode 100644
index 0000000..a95a764
--- /dev/null
+++ b/curl-7.38.0.tar.lzma
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:5bcf1ebe05c691866d0322d687598068e4a8707cc9bcf1bb514dc92d3fef77d5
+size 2607254
diff --git a/curl-7.38.0.tar.lzma.asc b/curl-7.38.0.tar.lzma.asc
new file mode 100644
index 0000000..1bf237b
--- /dev/null
+++ b/curl-7.38.0.tar.lzma.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1
+
+iEYEABECAAYFAlQP74cACgkQeOEcayedXJFCawCdH3UiuHmb8+ZZwGJp6lGKzplN
+U6AAnj4WsEGF5Ywf8s4ueF3Y6bFFwX4R
+=9D9Q
+-----END PGP SIGNATURE-----
diff --git a/curl.changes b/curl.changes
index 761235c..d2888d7 100644
--- a/curl.changes
+++ b/curl.changes
@@ -1,3 +1,28 @@
+-------------------------------------------------------------------
+Wed Sep 10 09:07:59 UTC 2014 - vcizek@suse.com
+
+- update to 7.38.0
+  * fixes CVE-2014-3613 (bnc#894575) and CVE-2014-3620 (bnc#895991)
+  * cookie leaks with IP address as domain and TLDs respectively
+  Changes:
+    supports HTTP/2 draft-14
+    CURLE_HTTP2 is a new error code
+    CURLAUTH_NEGOTIATE is a new auth define
+    CURL_VERSION_GSSAPI is a new capability bit
+    no longer use fbopenssl for anything
+    schannel: use CryptGenRandom for random numbers
+    axtls: define curlssl_random using axTLS's PRNG
+    cyassl: use RNG_GenerateBlock to generate a good random number
+    findprotocol: show unsupported protocol within quotes
+    version: detect and show LibreSSL
+    version: detect and show BoringSSL
+    imap/pop3/smtp: Kerberos (SASL GSSAPI) authentication via Windows SSPI
+    http2: requires nghttp2 0.6.0 or later
+  Bugfixes:
+    SECURITY ADVISORY: cookie leak with IP address as domain
+    SECURITY ADVISORY: cookie leak for TLDs
+    And many other fixes
+
 -------------------------------------------------------------------
 Thu Aug 28 21:59:59 UTC 2014 - andreas.stieger@gmx.de
 
diff --git a/curl.spec b/curl.spec
index f71ad08..ebbd393 100644
--- a/curl.spec
+++ b/curl.spec
@@ -21,7 +21,7 @@
 %bcond_without testsuite
 
 Name:           curl
-Version:        7.37.1
+Version:        7.38.0
 Release:        0
 Summary:        A Tool for Transferring Data from URLs
 License:        BSD-3-Clause and MIT