diff --git a/patches.tar.bz2 b/patches.tar.bz2
index c638021..8e37d65 100644
--- a/patches.tar.bz2
+++ b/patches.tar.bz2
@@ -1,3 +1,3 @@
 version https://git-lfs.github.com/spec/v1
-oid sha256:e1ff7ed55a2f6e70c431e2dc26719501c51574ba6faccf13eb22276afa4be12f
-size 24604
+oid sha256:7a1541efd3c249747339cc4f5940cf6ebc77ca8bcceb0cd75bf2797a455029e5
+size 24596
diff --git a/samba.changes b/samba.changes
index 5581190..54892fe 100644
--- a/samba.changes
+++ b/samba.changes
@@ -40,10 +40,38 @@ Wed Aug 28 14:56:09 UTC 2013 - lmuelle@suse.com
 - Add libnetapi0 and samba-libs to baselibs.conf.
 
 -------------------------------------------------------------------
-Thu Jul 25 14:39:09 UTC 2013 - lmuelle@suse.com
+Thu Aug 22 12:01:15 UTC 2013 - lmuelle@suse.de
 
-- Samba 3.0.x to 4.0.7 are affected by a denial of service attack on
-  authenticated or guest connections; CVE-2013-4124; (bnc#829969).
+- Update to 4.0.9.
+  + Fix crash of Winbind after "ls -l /usr/local/samba/var/locks/sysvol";
+    (bso#9820).
+  + s3-lib: Fix segmentation fault while reading incomplete session info;
+    (bso#10003).
+  + smbd: Fix a 100% loop at shutdown time; (bso#10013).
+
+  + Windows 8 Roaming profiles fail; (bso#9678).
+  + Add UPN enumeration to passdb internal API; (bso#9779).
+  + smbd: Cleanup disonnected durable handles; (bso#9930).
+  + vfs_streams_xattr: Do not attempt to write empty attribute twice;
+    (bso#9970).
+  + Fix Windows error 0x800700FE when copying files with xattr names
+    containing ":"; (bso#9992).
+  + s3-winbind: Do not delete an existing valid credential cache; (bso#9994).
+  + Fix excessive RID allocation; (bso#10014).
+  + Add debugclass for DNS server; (bso#10015).
+  + Fix/improve debug options; (bso#10015).
+  + Allow to change the default location for Kerberos credential caches;
+    (bso#10043).
+  + Linux kernel oplock breaks can miss signals; (bso#10064).
+  + net ads join: Fix segmentation fault in
+    create_local_private_krb5_conf_for_domain; (bso#10073).
+
+-------------------------------------------------------------------
+Mon Aug  5 10:56:56 UTC 2013 - lmuelle@suse.com
+
+- Update to 4.0.8.
+  + Samba 3.0.x to 4.0.7 are affected by a denial of service attack on
+    authenticated or guest connections; CVE-2013-4124; (bnc#829969).
 
 -------------------------------------------------------------------
 Mon Jul 22 08:41:07 UTC 2013 - lmuelle@suse.com
diff --git a/samba.spec b/samba.spec
index e21b338..7ade6b7 100644
--- a/samba.spec
+++ b/samba.spec
@@ -125,7 +125,7 @@ BuildRequires:  libxslt-tools
 %else
 %define	build_make_smp_mflags %{?jobs:-j%jobs}
 %endif
-%define SOURCE_TIMESTAMP 3073
+%define SOURCE_TIMESTAMP 3074
 %define BRANCH %{version}
 %global with_mitkrb5 1
 %global with_dc 0
diff --git a/vendor-files.tar.bz2 b/vendor-files.tar.bz2
index 76e5a12..ebc9f34 100644
--- a/vendor-files.tar.bz2
+++ b/vendor-files.tar.bz2
@@ -1,3 +1,3 @@
 version https://git-lfs.github.com/spec/v1
-oid sha256:274754a6733b1623a602766521aad1b60fe028d14ab03934a67b509571b026c0
-size 54024
+oid sha256:25fb121bd0fc43a6eb559d8f862edc45a49b6074187cce830bdf3b7a3afe7624
+size 53892