diff --git a/librsvg-2.37.0.tar.xz b/librsvg-2.37.0.tar.xz
deleted file mode 100644
index 70f6b0d..0000000
--- a/librsvg-2.37.0.tar.xz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:06c57dbcb29369d147b4e6ff4257c42ae5120c504c30fb567a27034ee30fd835
-size 515416
diff --git a/librsvg-2.39.0.tar.xz b/librsvg-2.39.0.tar.xz
new file mode 100644
index 0000000..b1b3f5d
--- /dev/null
+++ b/librsvg-2.39.0.tar.xz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:aa47dcde0128eee6e3595d203bc673d9c27389588842f401bf585f31fc65095f
+size 519088
diff --git a/librsvg.changes b/librsvg.changes
index 16fe2d0..a950b34 100644
--- a/librsvg.changes
+++ b/librsvg.changes
@@ -1,3 +1,11 @@
+-------------------------------------------------------------------
+Sat Sep 14 15:51:00 UTC 2013 - dimstar@opensuse.org
+
+- Update to version 2.39.0:
+  + Don't load resources from the net (bgo#691708, CVE-2013-1881).
+- The restrictiveness is being correctly addressed by GTK+ 3.9.11;
+  we prefer to have the more secure librsvg variant in 13.1.
+
 -------------------------------------------------------------------
 Wed Aug 21 11:52:14 UTC 2013 - zaitor@opensuse.org
 
diff --git a/librsvg.spec b/librsvg.spec
index a72f4eb..2039605 100644
--- a/librsvg.spec
+++ b/librsvg.spec
@@ -17,13 +17,13 @@
 
 
 Name:           librsvg
-Version:        2.37.0
+Version:        2.39.0
 Release:        0
 Summary:        A Library for Rendering SVG Data
 License:        LGPL-2.0+ and GPL-2.0+
 Group:          System/Libraries
 Url:            http://librsvg.sourceforge.net/
-Source:         http://download.gnome.org/sources/librsvg/2.37/%{name}-%{version}.tar.xz
+Source:         http://download.gnome.org/sources/librsvg/2.39/%{name}-%{version}.tar.xz
 Source99:       baselibs.conf
 BuildRequires:  gobject-introspection-devel
 BuildRequires:  vala