diff --git a/libXi-1.7.1.901.tar.bz2 b/libXi-1.7.1.901.tar.bz2
new file mode 100644
index 0000000..6d0e2b9
--- /dev/null
+++ b/libXi-1.7.1.901.tar.bz2
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:5248b643fc0b76fff978eefc0acdeee278407983cf7b6e371242e1b53ba32f7c
+size 441364
diff --git a/libXi-1.7.1.tar.bz2 b/libXi-1.7.1.tar.bz2
deleted file mode 100644
index 401599d..0000000
--- a/libXi-1.7.1.tar.bz2
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:e92adb6b69c53c51e05c1e65db97e23751b935a693000fb0606c11b88c0066c5
-size 434569
diff --git a/libXi.changes b/libXi.changes
index 43b3626..0171a67 100644
--- a/libXi.changes
+++ b/libXi.changes
@@ -1,3 +1,14 @@
+-------------------------------------------------------------------
+Fri Jun 28 12:32:47 UTC 2013 - tobias.johannes.klausmann@mni.thm.de
+
+- Update to version 1.7.1.901:
+  First and likely only RC for libXi 1.7.2. This one has a bunch of changes
+  for CVE-2013-1998, CVE-2013-1984 and CVE-2013-1995. These relate to various
+  integer overflows and other corruption that happens if we trust the server
+  a bit too much on the data we're being sent.
+  On top of those fixes, the sequence number in XI2 events is now set
+  propertly too (#64687).
+
 -------------------------------------------------------------------
 Fri Apr  5 13:51:01 UTC 2013 - tobias.johannes.klausmann@mni.thm.de
 
diff --git a/libXi.spec b/libXi.spec
index 42fde0b..8a5584d 100644
--- a/libXi.spec
+++ b/libXi.spec
@@ -18,7 +18,7 @@
 
 Name:           libXi
 %define lname	libXi6
-Version:        1.7.1
+Version:        1.7.1.901
 Release:        0
 Summary:        X Input Extension library
 License:        MIT