diff --git a/libexif-0.6.20.tar.bz2 b/libexif-0.6.20.tar.bz2
deleted file mode 100644
index 35b4361..0000000
--- a/libexif-0.6.20.tar.bz2
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:a772d20bd8fb9802d7f0d70fde6ac8872f87d0c66c52b0d14026dafcaa83d715
-size 1412921
diff --git a/libexif-0.6.21.tar.bz2 b/libexif-0.6.21.tar.bz2
new file mode 100644
index 0000000..aaac9d5
--- /dev/null
+++ b/libexif-0.6.21.tar.bz2
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:16cdaeb62eb3e6dfab2435f7d7bccd2f37438d21c5218ec4e58efa9157d4d41a
+size 1368435
diff --git a/libexif.changes b/libexif.changes
index 7ea60aa..f0c0bc8 100644
--- a/libexif.changes
+++ b/libexif.changes
@@ -1,3 +1,43 @@
+-------------------------------------------------------------------
+Thu Jul 12 20:02:18 UTC 2012 - meissner@suse.com
+
+- updated to 0.6.21
+ * Fixed some buffer overflows in exif_entry_format_value()
+ This fixes CVE-2012-2814. Reported by Mateusz Jurczyk of
+ Google Security Team
+ * Fixed an off-by-one error in exif_convert_utf16_to_utf8()
+ This can cause a one-byte NUL write past the end of the buffer.
+ This fixes CVE-2012-2840
+ * Don't read past the end of a tag when converting from UTF-16
+ This fixes CVE-2012-2813. Reported by Mateusz Jurczyk of
+ Google Security Team
+ * Fixed an out of bounds read on corrupted input
+ The EXIF_TAG_COPYRIGHT tag ought to be, but perhaps is not,
+ NUL-terminated.
+ This fixes CVE-2012-2812. Reported by Mateusz Jurczyk of
+ Google Security Team
+ * Fixed a buffer overflow problem in exif_entry_get_value
+ If the application passed in a buffer length of 0, then it would
+ be treated as the buffer had unlimited length.
+ This fixes CVE-2012-2841
+ * Fix a buffer overflow on corrupt EXIF data.
+ This fixes bug #3434540 and fixes part of CVE-2012-2836
+ Reported by Yunho Kim
+ * Fix a buffer overflow on corrupted JPEG data
+ An unsigned data length might wrap around when decremented
+ below zero, bypassing sanity checks on length.
+ This code path can probably only occur if exif_data_load_data()
+ is called directly by the application on data that wasn't parsed
+ by libexif itself.
+ This solves the other part of CVE-2012-2836
+ * Fixed some possible division-by-zeros in Olympus-style makernotes
+ This fixes bug #3434545, a.k.a. CVE-2012-2837
+ Reported by Yunho Kim
+
+ * lots and lots of translations updates.
+ * added more Canon lenses.
+ * changed "knots" to "nautical miles"
+
 -------------------------------------------------------------------
 Thu Dec 23 12:24:10 UTC 2010 - aj@suse.de
diff --git a/libexif.spec b/libexif.spec
index 14b14fc..acfe4b5 100644
--- a/libexif.spec
+++ b/libexif.spec
@@ -1,7 +1,7 @@ # -# spec file for package libexif (Version 0.6.20) +# spec file for package libexif # -# Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2012 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -15,19 +15,18 @@ # Please submit bugfixes or comments via http://bugs.opensuse.org/ # -# norootforbuild - Name: libexif -BuildRequires: doxygen pkg-config +BuildRequires: doxygen +BuildRequires: pkg-config Url: http://libexif.sourceforge.net +Summary: An EXIF Tag Parsing Library for Digital Cameras License: LGPL-2.1+ Group: System/Libraries -Summary: An EXIF Tag Parsing Library for Digital Cameras -Version: 0.6.20 -Release: 2 +Version: 0.6.21 +Release: 0 BuildRoot: %{_tmppath}/%{name}-%{version}-build -Source0: %{name}-%{version}.tar.bz2 +Source0: https://downloads.sourceforge.net/project/libexif/%{name}/%{version}/%{name}-%{version}.tar.bz2 Source1: baselibs.conf %define pname libexif12 @@ -36,7 +35,6 @@ Source1: baselibs.conf %package -n %{pname} - Summary: An EXIF Tag Parsing Library for Digital Cameras Group: System/Libraries Provides: libexif = %{version} @@ -52,10 +50,10 @@ digital cameras. %package devel -License: LGPL-2.1+ -Group: Development/Libraries/C and C++ Summary: An EXIF Tag Parsing Library for Digital Cameras (Development files) -Requires: %{pname} = %{version} glibc-devel +Group: Development/Libraries/C and C++ +Requires: %{pname} = %{version} +Requires: glibc-devel %description devel This library is used to parse EXIF information from JPEGs created by
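Review bot: `Source0` in the `@@ -15,19 +15,18 @@` hunk now names the upstream download URL, but the preamble shown lists no detached signature or keyring as an additional source, so the only integrity anchor visible in this commit is the sha256 in the new LFS pointer for `libexif-0.6.21.tar.bz2`. Since this update exists to ship the CVE fixes listed in `libexif.changes`, I would record how the archive was verified against upstream. If upstream publishes a signature for this release, carry it next to the tarball, for example `Source2: <upstream-signature-file>` and `Source3: <project>.keyring` (placeholder names), so the source can be checked on every rebuild. The rest of the spec, including `%prep`, is outside the hunks shown, so a check may already exist there.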