diff --git a/bubblewrap-0.3.3.tar.xz b/bubblewrap-0.3.3.tar.xz
new file mode 100644
index 0000000..a34aac4
--- /dev/null
+++ b/bubblewrap-0.3.3.tar.xz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:c6a45f51794a908b76833b132471397a7413f07620af08e76c273d9f7b364dff
+size 127680
diff --git a/bubblewrap.changes b/bubblewrap.changes
index 00da078..6fcb712 100644
--- a/bubblewrap.changes
+++ b/bubblewrap.changes
@@ -1,3 +1,23 @@
+-------------------------------------------------------------------
+Sat Jun  1 15:08:49 UTC 2019 - Sebastian Wagner <sebix+novell.com@sebix.at>
+
+- Update to version 0.3.3:
+ - This release is the same as 0.3.2 but the version number in configure.ac
+   was accidentally still set to 0.3.1
+- Update to version 0.3.2:
+ - fixes boo#1136958 / CVE-2019-12439
+  This release fixes a mostly theoretical security issue in unusual/broken
+  setups where `$XDG_RUNTIME_DIR` is unset.
+  There are some other smaller fixes, as well as an addition to the JSON
+  API that allows reading the inner process exit code, separately from
+  the `bwrap` exit code.
+  - Print "Out of memory" on stderr, not stdout
+  - bwrap: add option json-status-fd to show child exit code
+  - bwrap: Report COMMAND exit code in json-status-fd
+  - man page: Describe --chdir, not nonexistent --cwd
+  - Don't create our own temporary mount point for pivot_root
+  - Make lockdata long enough on 32-bit with 64-bit file pointers.
+
 -------------------------------------------------------------------
 Thu Oct 11 16:41:12 UTC 2018 - Antonio Larrosa <alarrosa@suse.com> - 0.3.1
 
diff --git a/bubblewrap.spec b/bubblewrap.spec
index edd6edc..18e496c 100644
--- a/bubblewrap.spec
+++ b/bubblewrap.spec
@@ -1,7 +1,7 @@
 #
 # spec file for package bubblewrap
 #
-# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -17,16 +17,13 @@
 
 
 Name:           bubblewrap
-Version:        0.3.1
+Version:        0.3.3
 Release:        0
 Summary:        Core execution tool for unprivileged containers
 License:        LGPL-2.0-or-later
 Group:          Productivity/Security
 Url:            https://github.com/projectatomic/bubblewrap
-Source:         https://github.com/projectatomic/bubblewrap/archive/v%{version}.tar.gz
-# Does not have README.md and autogen.sh included -> unusable
-# Source0:        https://github.com/projectatomic/bubblewrap/releases/download/v%%{version}/%%{name}-%%{version}.tar.xz
-# We always run autogen.sh
+Source0:        https://github.com/projectatomic/bubblewrap/releases/download/v%{version}/%{name}-%{version}.tar.xz
 BuildRequires:  autoconf
 BuildRequires:  automake
 BuildRequires:  docbook-xsl-stylesheets
diff --git a/v0.3.1.tar.gz b/v0.3.1.tar.gz
deleted file mode 100644
index 5bca04e..0000000
--- a/v0.3.1.tar.gz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:3757cb021d1a3ccc36828a58363817e1923c458ed03260d0c2b3a99da61bfb81
-size 62768