diff --git a/lzo-2.06.tar.gz b/lzo-2.06.tar.gz deleted file mode 100644 index 2b33f3e..0000000 --- a/lzo-2.06.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:ff79e6f836d62d3f86ef6ce893ed65d07e638ef4d3cb952963471b4234d43e73 -size 583045 diff --git a/lzo-2.08.tar.gz b/lzo-2.08.tar.gz new file mode 100644 index 0000000..94aee02 --- /dev/null +++ b/lzo-2.08.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:ac1b3e4dee46febe9fd28737eb7f5692d3232ef1a01da10444394c3d47536614 +size 589045 diff --git a/lzo.changes b/lzo.changes index 246be0f..c078f4d 100644 --- a/lzo.changes +++ b/lzo.changes @@ -1,3 +1,30 @@ +------------------------------------------------------------------- +Wed Jul 2 11:35:21 UTC 2014 - mrueckert@suse.de + +- update to 2.08 (bnc#883947) CVE-2014-4607 + - Updated the Autoconf scripts to fix some reported build + problems. + - Added CMake build support. + - Fixed lzo_init() on big-endian architectures like Sparc. +- additional changes in 2.07 + * Fixed a potential integer overflow condition in the "safe" + decompressor variants which could result in a possible buffer + overrun when processing maliciously crafted compressed input + data. + + Fortunately this issue only affects 32-bit systems and also can + only happen if you use uncommonly huge buffer sizes where you + have to decompress more than 16 MiB (> 2^24 bytes) untrusted + compressed bytes within a single function call, so the + practical implications are limited. + + POTENTIAL SECURITY ISSUE. CVE-2014-4607. + + * Removed support for ancient configurations like 16-bit "huge" + pointers - LZO now requires a flat 32-bit or 64-bit memory + model. + * Assorted cleanups. + ------------------------------------------------------------------- Tue Apr 16 12:26:44 UTC 2013 - mmeister@suse.com diff --git a/lzo.spec b/lzo.spec index 2c66df4..eeaebed 100644 --- a/lzo.spec +++ b/lzo.spec 
@@ -18,7 +18,7 @@ Name: lzo Url: http://www.oberhumer.com/opensource/lzo/ -Version: 2.06 +Version: 2.08 Release: 0 Source: http://www.oberhumer.com/opensource/%{name}/download/%{name}-%{version}.tar.gz Source2: baselibs.conf
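Review bot: In the lzo.changes hunk, the headline "update to 2.08 (bnc#883947) CVE-2014-4607" attaches the CVE to the 2.08 item, while the entry itself lists the integer overflow fix under "additional changes in 2.07". Since the package moves from 2.06 straight to 2.08, the reference is valid for the update as a whole, but a reader scanning for the fix will look in the wrong sub-list. Suggest writing the headline as "update to 2.08 (bnc#883947, CVE-2014-4607)" so both references sit together, and keeping the "POTENTIAL SECURITY ISSUE. CVE-2014-4607." line under 2.07 as the place that describes it. Style point in the same hunk: the sub-items use "-" under 2.08 and "*" under 2.07; pick one marker for both lists.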
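Review bot: In the lzo.spec hunk, the Source line still points at a plain http:// URL and the only other source in the visible context is "Source2: baselibs.conf", so nothing visible in this patch lets the build or a later reviewer authenticate the 2.08 tarball that carries the CVE-2014-4607 fix. The only integrity record visible in the patch is the sha256 oid in the new lzo-2.08.tar.gz pointer, and the patch does not say what that digest was compared against. Suggest noting in the changelog entry how the tarball was verified, and, if upstream offers a signature or checksum file (not visible here, so this is an assumption), adding it as a further Source so the check is repeatable.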