diff --git a/expat-2.4.4.tar.xz b/expat-2.4.4.tar.xz
deleted file mode 100644
index 1feebe8..0000000
--- a/expat-2.4.4.tar.xz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:b5d25d6e373351c2ed19b562b4732d01d2589ac8c8e9e7962d8df1207cc311b8
-size 449448
diff --git a/expat-2.4.4.tar.xz.asc b/expat-2.4.4.tar.xz.asc
deleted file mode 100644
index e64e933..0000000
--- a/expat-2.4.4.tar.xz.asc
+++ /dev/null
@@ -1,16 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iQIzBAABCAAdFiEEy43nCpDPv2w79cxWliYqz/vTrsYFAmH11+gACgkQliYqz/vT
-rsYnng/+PctRB7klFTZ8BhmZXw7p3zasX9j17kY1/a24LT79mBNz+jSlxHI1nhwQ
-ML9Tn3H/YdyriqYYVngjqrNoUFxGmTvF/VHE92AZ1AoDyqDUmzj061hcAIJvFevz
-Ucn3f4dgBZJ8qsys0Y3SIaEZNLdTkOz4wT2czSdWHxwaGS/FCa28wJ3ed5Sr8dSS
-KMzt6WG6nkqPUNMnlgX24wmg+Y5wcdGipTD/hbDoSkSWK5s2qUhNDs8Nuq8MLKu4
-PAawLOg/TyZAN36nX7/WZiaPB5pOgLsgP94DOyQBtF4+O/tGTADKazhV7e5pOwTb
-dzdGBzpgbhIa70V/iSLX0TcE8NlFEp3RLMd9Yv19w/S7Dhju3ZrcjVVpwlwnR16w
-nWr5vNMw+HiF0QrtKt1swSex5GuMHbzGAQqAfOQZwGPe/kDfC6TSwKvJwWOjVzuF
-JYoFMAM2vIT6zf0l5HvmysFEx9Z0hFuV9/R2cv5ADqWLj88L4sQGaVQrmJDuYxao
-swYRHqOkl2T36prwQPpHXs8B1GovuMTJqBf3WwBx00TC+/slvM04HCx02p6zk2HV
-awfYf93A8HiywTmlQCOoSBve7tvpluNulICCAOHmxeE4DpZvjjHqEtfUeyiKrtnN
-pTWzdnmoxC95gBKxft3VAx6RNk144kNQUYIJ+N6SulBI72O2hVI=
-=vDlI
------END PGP SIGNATURE-----
diff --git a/expat-2.4.5.tar.xz b/expat-2.4.5.tar.xz
new file mode 100644
index 0000000..dd6a2d4
--- /dev/null
+++ b/expat-2.4.5.tar.xz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:f2af8fc7cdc63a87920da38cd6d12cb113c3c3a3f437495b1b6541e0cff32579
+size 451976
diff --git a/expat-2.4.5.tar.xz.asc b/expat-2.4.5.tar.xz.asc
new file mode 100644
index 0000000..455e9bb
--- /dev/null
+++ b/expat-2.4.5.tar.xz.asc
@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCAAdFiEEy43nCpDPv2w79cxWliYqz/vTrsYFAmIQIVMACgkQliYqz/vT
+rsZNsRAA3qPnwBxSt1i6FAUboOmAlTCzQZ9onSvS9bD74mMxsyGMv0opLK9xhqa/
+O4M8Of+IiBhL6I96zMZ8CKz7eh4yvEg9jqK22ef6mvXzIiX6xMOAj1C+k7CxDttC
+aHHZQmZWYk5istEwPgLdP3n7bdLzlWpxlqioFYEL7yoPF6v5UDXBf8Jd6xQpHPsz
+LSOtd2YDYc0cKHtaJi4MKV/APmsDuC+/dYE6uoZHZnZjkVDmYJ5etnobLOZqg1SF
+S+pCbEQCSOna3pkTFWQdhLYPCSIrE9LmDi8sNdTRoJc5WemAOFBNXF8cXOFfXd71
+7Nn001pQ+p4gDiI76tKnKbcjczR6VQtEyStNDvB03uZuty3/p6MYEFQtFsxCbUmd
+ajovIQrxjAxNvtFCM5Ydv8wlNRNpU7YqKvhz7Jc6AHHpcJvwCQyO+FTCKadympOS
+RwcTdQYhlmCC2muEyRonjjRt7rs9KTParenCF8zYPGTtNJD0q8cBF55s/nIRQUaj
+AHIdJoeT4/EF7BHKO+HruSOtAVK0y2aECYnh0lYiJkQsZVay5mvwSKoxcCwo/+l5
+VIXqlzQVnlG8ADxzuVE36O3j2hYuQOsrBJszzl2xuptLv8X3V2BGowc1KS+CtECL
+b7xNb/LemKtpAxIJ6bMqv8v+Ph64wjEI3gkHSAFgvkT10Urd8xM=
+=PwCf
+-----END PGP SIGNATURE-----
diff --git a/expat.changes b/expat.changes
index f05e199..22892bf 100644
--- a/expat.changes
+++ b/expat.changes
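Review bot: Nothing in this commit shows the new detached signature `expat-2.4.5.tar.xz.asc` being verified against the keyring the package ships, and the `Source1:`/`Source2:` lines of expat.spec where such a keyring would be declared are outside the spec hunk below, so the signer and the tarball identity cannot be confirmed from the diff alone. Before merging, please confirm that `gpg --verify expat-2.4.5.tar.xz.asc expat-2.4.5.tar.xz` succeeds with the project keyring and that the sha256 of the fetched tarball equals the `oid` in the new LFS pointer (`f2af8fc7cdc63a87920da38cd6d12cb113c3c3a3f437495b1b6541e0cff32579`); an LFS pointer only pins a digest, it does not prove the bytes came from upstream. The new signature's armour prefix `iQIzBAABCAAdFiEEy43nCpDPv2w79cxWliYqz/vTrsY` is identical to the deleted 2.4.4 signature's, which is consistent with the same issuer-fingerprint subpacket (i.e. the same signing key), but that is an observation about the header bytes, not a substitute for actually running the verification. Given that the changelog entry cites five CVEs, two of them with known code-execution exploits, the provenance of this tarball is the part of the update most worth double-checking.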
@@ -1,3 +1,42 @@
+-------------------------------------------------------------------
+Sat Feb 19 09:21:21 UTC 2022 - David Anes
+
+- update to 2.4.5 (bsc#1196171, bsc#1196169, bsc#1196168,
+ bsc#1196026, bsc#1196025):
+ * Security fixes:
+ - CVE-2022-25235 -- Passing malformed 2- and 3-byte UTF-8
+ sequences (e.g. from start tag names) to the XML
+ processing application on top of Expat can cause
+ arbitrary damage (e.g. code execution) depending
+ on how invalid UTF-8 is handled inside the XML
+ processor; validation was not their job but Expat's.
+ Exploits with code execution are known to exist.
+ - CVE-2022-25236 -- Passing (one or more) namespace separator
+ characters in "xmlns[:prefix]" attribute values
+ made Expat send malformed tag names to the XML
+ processor on top of Expat which can cause
+ arbitrary damage (e.g. code execution) depending
+ on such unexpectable cases are handled inside the XML
+ processor; validation was not their job but Expat's.
+ Exploits with code execution are known to exist.
+ - CVE-2022-25313 -- Fix stack exhaustion in doctype parsing
+ that could be triggered by e.g. a 2 megabytes
+ file with a large number of opening braces.
+ Expected impact is denial of service or potentially
+ arbitrary code execution.
+ - CVE-2022-25314 -- Fix integer overflow in function copyString;
+ only affects the encoding name parameter at parser creation
+ time which is often hardcoded (rather than user input),
+ takes a value in the gigabytes to trigger, and a 64-bit
+ machine. Expected impact is denial of service.
+ - CVE-2022-25315 -- Fix integer overflow in function storeRawNames;
+ needs input in the gigabytes and a 64-bit machine.
+ Expected impact is denial of service or potentially
+ arbitrary code execution.
+ * Other changes:
+ - Version info bumped from 9:4:8 to 9:5:8;
+ see https://verbump.de/ for what these numbers do
+
 -------------------------------------------------------------------
 Mon Jan 31 06:13:13 UTC 2022 - David Anes
diff --git a/expat.spec b/expat.spec
index fdd3a1e..3b34222 100644
--- a/expat.spec
+++ b/expat.spec
@@ -16,9 +16,9 @@ #
-%global unversion 2_4_4
+%global unversion 2_4_5
 Name: expat
-Version: 2.4.4
+Version: 2.4.5
 Release: 0
 Summary: XML Parser Toolkit
 License: MIT