diff --git a/Werkzeug-2.2.2.tar.gz b/Werkzeug-2.2.2.tar.gz deleted file mode 100644 index 140a20f..0000000 --- a/Werkzeug-2.2.2.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:7ea2d48322cc7c0f8b3a215ed73eabd7b5d75d0b50e31ab006286ccff9e00b8f -size 844378 diff --git a/Werkzeug-2.2.3.tar.gz b/Werkzeug-2.2.3.tar.gz new file mode 100644 index 0000000..168cb60 --- /dev/null +++ b/Werkzeug-2.2.3.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:2e1ccc9417d4da358b9de6f174e3ac094391ea1d4fbef2d667865d819dfd0afe +size 845884 diff --git a/python-Werkzeug.changes b/python-Werkzeug.changes index 231dec1..4ced30d 100644 --- a/python-Werkzeug.changes +++ b/python-Werkzeug.changes 
@@ -1,3 +1,33 @@ +------------------------------------------------------------------- +Mon Mar 13 18:48:22 UTC 2023 - Dirk Müller + +- update to 2.2.3 (bsc#1208283, CVE-2023-25577): + * Ensure that URL rules using path converters will redirect + with strict slashes when the trailing slash is missing. + * Type signature for ``get_json`` specifies that return type + is not optional when ``silent=False``. + * ``parse_content_range_header`` returns ``None`` for a value + like ``bytes */-1`` where the length is invalid, instead of + raising an ``AssertionError``. + * Address remaining ``ResourceWarning`` related to the socket + used by ``run_simple``. + * Remove ``prepare_socket``, which now happens when + creating the server. + * Update pre-existing headers for ``multipart/form-data`` + requests with the test client. + * Fix handling of header extended parameters such that they + are no longer quoted. + * ``LimitedStream.read`` works correctly when wrapping a + stream that may not return the requested size in one + ``read`` call. + * A cookie header that starts with ``=`` is treated as an + empty key and discarded, rather than stripping the leading ``==``. + * Specify a maximum number of multipart parts, default 1000, + after which a ``RequestEntityTooLarge`` exception is + raised on parsing. This mitigates a DoS attack where a + larger number of form/file parts would result in disproportionate + resource use. + ------------------------------------------------------------------- Tue Sep 13 17:13:05 UTC 2022 - Ben Greiner diff --git a/python-Werkzeug.spec b/python-Werkzeug.spec index 82e1502..ad3e956 100644 --- a/python-Werkzeug.spec +++ b/python-Werkzeug.spec @@ -1,7 +1,7 @@ # # spec file # -# Copyright (c) 2022 SUSE LLC +# Copyright (c) 2023 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed 
@@ -26,7 +26,7 @@ %endif Name: python-Werkzeug%{psuffix} -Version: 2.2.2 +Version: 2.2.3 Release: 0 Summary: The Swiss Army knife of Python web development License: BSD-3-Clause
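Review bot: In the Werkzeug-2.2.3.tar.gz hunk the only integrity data is the git-lfs pointer (the `oid sha256:` line and `size 845884`), and nothing in this diff ties that digest to the upstream release. Since this is a security update, please confirm the sha256 in the pointer matches the digest published for the upstream 2.2.3 source tarball and record how that was checked before this is accepted.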
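Review bot: In the python-Werkzeug.changes hunk the entry header cites bsc#1208283 and CVE-2023-25577, but no bullet says which item is the fix. The last bullet (maximum number of multipart parts, default 1000, raising `RequestEntityTooLarge`) is the only one that describes a DoS mitigation, so put the reference on that bullet so that someone reading the changelog can find the fix. That bullet is also a behaviour change worth calling out: requests with more parts than the default will now be rejected on parsing, which can affect applications that legitimately submit very large forms.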