diff --git a/git-2.7.3.tar.sign b/git-2.7.3.tar.sign
deleted file mode 100644
index 78dc8ba..0000000
Binary files a/git-2.7.3.tar.sign and /dev/null differ
diff --git a/git-2.7.3.tar.xz b/git-2.7.3.tar.xz
deleted file mode 100644
index bebe1c2..0000000
--- a/git-2.7.3.tar.xz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:89c467912d4740da2b40288f956251f0a1e276e28eecd28a6d776067103629b6
-size 3909636
diff --git a/git-2.7.4.tar.sign b/git-2.7.4.tar.sign
new file mode 100644
index 0000000..97a02d4
Binary files /dev/null and b/git-2.7.4.tar.sign differ
diff --git a/git-2.7.4.tar.xz b/git-2.7.4.tar.xz
new file mode 100644
index 0000000..737a9ef
--- /dev/null
+++ b/git-2.7.4.tar.xz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:dee574defbe05ec7356a0842ddbda51315926f2fa7e39c2539f2c3dcc52e457b
+size 3909636
diff --git a/git.changes b/git.changes
index b7a747a..57d29ff 100644
--- a/git.changes
+++ b/git.changes
@@ -1,3 +1,15 @@
+-------------------------------------------------------------------
+Thu Mar 17 21:22:02 UTC 2016 - astieger@suse.com
+
+- git 2.7.4:
+  Fix remote code execution via buffer overflow (CVE-2016-2315,
+  CVE-2016-2324, bsc#971328)
+  * plug heap corruption holes
+  * catch integer overflow in the computation of pathname lengths
+  * get rid of the name_path API. Both of
+  These would have resulted in writing over an under-allocated
+  buffer when formulating pathnames while tree traversal.
+
 -------------------------------------------------------------------
 Fri Mar 11 08:38:09 UTC 2016 - astieger@suse.com
 
diff --git a/git.spec b/git.spec
index 6991f4e..9ee018e 100644
--- a/git.spec
+++ b/git.spec
@@ -26,7 +26,7 @@
 %endif
 
 Name:           git
-Version:        2.7.3
+Version:        2.7.4
 Release:        0
 Summary:        Fast, scalable, distributed revision control system
 License:        GPL-2.0