diff --git a/libzypp-16.15.1.tar.bz2 b/libzypp-16.15.1.tar.bz2
index 2a22575..607239b 100644
--- a/libzypp-16.15.1.tar.bz2
+++ b/libzypp-16.15.1.tar.bz2
@@ -1,3 +1,3 @@
 version https://git-lfs.github.com/spec/v1
-oid sha256:ce96e8cc049be13c9a476828ab6a98c50c07bfcd6d82fce7bbd972d11aebe6ea
-size 4698388
+oid sha256:56207dcea9a88a90c6dc06b20912b56fe0f9e8ec9d85f44d4277e80af01cb5f5
+size 4697521
diff --git a/libzypp.changes b/libzypp.changes
index 3a34b8c..e552ffd 100644
--- a/libzypp.changes
+++ b/libzypp.changes
@@ -1,7 +1,8 @@
 -------------------------------------------------------------------
 Tue Jul 18 13:18:16 CEST 2017 - ma@suse.de
 
-- Be sure bad packages do not stay in the cache (bsc#1045735)
+- Be sure bad packages do not stay in the cache
+  (bsc#1045735, CVE-2017-9269)
 - version 16.15.1 (0)
 
 -------------------------------------------------------------------
@@ -10,7 +11,7 @@ Mon Jul 17 16:38:14 CEST 2017 - ma@suse.de
 - PackageProvider: enforce a signed package if pkgGpgCheckIsMandatory
 - Add RpmDb::checkPackageSignature to report unsigned packages
 - Fix repo gpg check workflows, mainly for unsigned repos and packages
-  (bsc#1045735, bsc#1038984)
+  (bsc#1045735, bsc#1038984, CVE-2017-7435, CVE-2017-7436, CVE-2017-9269)
 - version 16.15.0 (0)
 
 -------------------------------------------------------------------