diff --git a/htmldoc-1.9.15-source.tar.gz b/htmldoc-1.9.15-source.tar.gz
deleted file mode 100644
index dd751e4..0000000
--- a/htmldoc-1.9.15-source.tar.gz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:c283318b28123c99bba5e9b6f51c3e6da161509e5b79cf32dda39f1c2a754c70
-size 3388557
diff --git a/htmldoc-1.9.16-source.tar.gz b/htmldoc-1.9.16-source.tar.gz
new file mode 100644
index 0000000..6de53cb
--- /dev/null
+++ b/htmldoc-1.9.16-source.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:b1086385c4c16cdabe428ab1aa041266baebee39f222cf6a3947b41027b7dae3
+size 3389563
diff --git a/htmldoc-CVE-2022-27114.patch b/htmldoc-CVE-2022-27114.patch
deleted file mode 100644
index debbb9a..0000000
--- a/htmldoc-CVE-2022-27114.patch
+++ /dev/null
@@ -1,72 +0,0 @@ -diff --git a/htmldoc/image.cxx b/htmldoc/image.cxx -index 8aeccced..9b4d11de 100644 ---- a/htmldoc/image.cxx -+++ b/htmldoc/image.cxx -@@ -26,6 +26,13 @@ extern "C" { /* Workaround for JPEG header problems... */ - #endif // HAVE_LIBPNG - - -+/* -+ * Limits... -+ */ -+ -+#define IMAGE_MAX_DIM 37837 // Maximum dimension - sqrt(4GiB / 3) -+ -+ - /* - * GIF definitions... - */ -@@ -926,7 +933,7 @@ image_load_bmp(image_t *img, /* I - Image to load into */ - colors_used = (int)read_dword(fp); - read_dword(fp); - -- if (img->width <= 0 || img->width > 8192 || img->height <= 0 || img->height > 8192 || info_size < 0) -+ if (img->width <= 0 || img->width > IMAGE_MAX_DIM || img->height <= 0 || img->height > IMAGE_MAX_DIM || info_size < 0) - return (-1); - - if (info_size > 40) -@@ -1278,7 +1285,7 @@ image_load_gif(image_t *img, /* I - Image pointer */ - img->height = (buf[9] << 8) | buf[8]; - ncolors = 2 << (buf[10] & 0x07); - -- if (img->width <= 0 || img->width > 32767 || img->height <= 0 || img->height > 32767) -+ if (img->width <= 0 || img->width > IMAGE_MAX_DIM || img->height <= 0 || img->height > IMAGE_MAX_DIM) - return (-1); - - // If we are writing an encrypted PDF file, bump the use count so we create -@@ -1326,7 +1333,7 @@ image_load_gif(image_t *img, /* I - Image pointer */ - img->height = (buf[7] << 8) | buf[6]; - img->depth = gray ? 
1 : 3; - -- if (img->width <= 0 || img->width > 32767 || img->height <= 0 || img->height > 32767) -+ if (img->width <= 0 || img->width > IMAGE_MAX_DIM || img->height <= 0 || img->height > IMAGE_MAX_DIM) - return (-1); - - if (transparent >= 0) -@@ -1443,6 +1450,12 @@ JSAMPROW row; /* Sample row pointer */ - img->height = (int)cinfo.output_height; - img->depth = (int)cinfo.output_components; - -+ if (img->width <= 0 || img->width > IMAGE_MAX_DIM || img->height <= 0 || img->height > IMAGE_MAX_DIM) -+ { -+ jpeg_destroy_decompress(&cinfo); -+ return (-1); -+ } -+ - if (!load_data) - { - jpeg_destroy_decompress(&cinfo); -@@ -1598,6 +1611,12 @@ image_load_png(image_t *img, /* I - Image pointer */ - img->width = (int)png_get_image_width(pp, info); - img->height = (int)png_get_image_height(pp, info); - -+ if (img->width <= 0 || img->width > IMAGE_MAX_DIM || img->height <= 0 || img->height > IMAGE_MAX_DIM) -+ { -+ png_destroy_read_struct(&pp, &info, NULL); -+ return (-1); -+ } -+ - if (color_type & PNG_COLOR_MASK_ALPHA) - { - if ((PSLevel == 0 && PDFVersion >= 14) || PSLevel == 3) - diff --git a/htmldoc-CVE-2022-28085.patch b/htmldoc-CVE-2022-28085.patch deleted file mode 100644 index c10e4f2..0000000 --- a/htmldoc-CVE-2022-28085.patch +++ /dev/null @@ -1,13 +0,0 @@ -Index: htmldoc-1.9.15/htmldoc/ps-pdf.cxx -=================================================================== ---- htmldoc-1.9.15.orig/htmldoc/ps-pdf.cxx -+++ htmldoc-1.9.15/htmldoc/ps-pdf.cxx -@@ -3583,6 +3583,8 @@ pdf_write_names(FILE *out) /* I - Outpu - pdf_start_object(out); - float x, y; - -+ check_pages(link->page); -+ - x = 0.0f; - y = link->top + pages[link->page].bottom; - pspdf_transform_coords(pages + link->page, x, y); diff --git a/htmldoc.changes b/htmldoc.changes index afc325d..0245710 100644 --- a/htmldoc.changes +++ b/htmldoc.changes 
@@ -1,3 +1,17 @@ +------------------------------------------------------------------- +Mon Jul 11 08:00:48 UTC 2022 - Dirk Müller + +- update to 1.9.16: + * Added support for $DATE(format) and $TIME(format) header/footer strings + * (Issue #472) + * Fixed a potential image overflow bug with JPEG and PNG images (htmldoc-CVE-2022-27114.patch) + * Fixed potential heap overflow bugs with pages (CVE-2022-28085) + * Fixed potential use-after-free in blocks (Issue #484) + * Updated the GNU TLS HTTPS support code to use a faster connection shutdown + * mode (Issue #487) + * Fixed some minor Coverity warnings. +- drop htmldoc-CVE-2022-27114.patch, htmldoc-CVE-2022-28085.patch (upstream) + ------------------------------------------------------------------- Wed May 11 07:35:17 UTC 2022 - pgajdos@suse.com diff --git a/htmldoc.spec b/htmldoc.spec index 5597538..5064eca 100644 --- a/htmldoc.spec +++ b/htmldoc.spec @@ -17,17 +17,13 @@ Name: htmldoc -Version: 1.9.15 +Version: 1.9.16 Release: 0 Summary: HTML Processor that Generates HTML, PostScript, and PDF Files License: LGPL-2.1-or-later Group: Productivity/Publishing/HTML/Tools URL: https://michaelrsweet.github.io/htmldoc/index.html Source: https://github.com/michaelrsweet/htmldoc/releases/download/v%{version}/htmldoc-%{version}-source.tar.gz -# CVE-2022-28085 [bsc#1198933], Heap buffer overflow in function pdf_write_names in ps-pdf.cxx -Patch0: htmldoc-CVE-2022-28085.patch -# CVE-2022-27114 [bsc#1199370], image_load_jpeg can cause integer overflow -Patch1: htmldoc-CVE-2022-27114.patch BuildRequires: fltk-devel BuildRequires: gcc-c++ BuildRequires: hicolor-icon-theme
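Review bot: Deleting the two comment lines above `Patch0:` and `Patch1:` removes the spec's only mapping of CVE-2022-28085 to bsc#1198933 and of CVE-2022-27114 to bsc#1199370, and the new htmldoc.changes entry drops both patches without carrying either bug number. I would keep the references in the changelog line, e.g. `- drop htmldoc-CVE-2022-27114.patch (bsc#1199370), htmldoc-CVE-2022-28085.patch (bsc#1198933): fixed upstream`, so the fixes stay traceable once the patch files are gone. The same entry also reads `(htmldoc-CVE-2022-27114.patch)` where a CVE or issue reference was presumably meant. `%prep` lies outside this hunk; if it applies the patches by number rather than automatically, those lines have to be removed as well.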