diff --git a/bzip2-1.0.5.tar.gz b/bzip2-1.0.5.tar.gz
new file mode 100644
index 0000000..0d8513b
--- /dev/null
+++ b/bzip2-1.0.5.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:f7bf5368309d76e5daf3a89d4d1bea688dac7780742e7a0ae1af19be9316fe22
+size 841402
diff --git a/bzip2-1.0.6.tar.gz b/bzip2-1.0.6.tar.gz
deleted file mode 100644
index 8cf2887..0000000
--- a/bzip2-1.0.6.tar.gz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:a2848f34fcd5d6cf47def00461fcb528a0484d8edef8208d6d2e2909dc61d9cd
-size 782025
diff --git a/bzip2-CVE-2010-0405.patch b/bzip2-CVE-2010-0405.patch
new file mode 100644
index 0000000..536aedb
--- /dev/null
+++ b/bzip2-CVE-2010-0405.patch
@@ -0,0 +1,18 @@
+Index: bzip2-1.0.5/decompress.c
+===================================================================
+--- bzip2-1.0.5.orig/decompress.c
++++ bzip2-1.0.5/decompress.c
+@@ -394,6 +394,13 @@ Int32 BZ2_decompress ( DState* s )
+             es = -1;
+             N = 1;
+             do {
++               /* Check that N doesn't get too big, so that es doesn't
++                  go negative.  The maximum value that can be
++                  RUNA/RUNB encoded is equal to the block size (post
++                  the initial RLE), viz, 900k, so bounding N at 2
++                  million should guard against overflow without
++                  rejecting any legitimate inputs. */
++               if (N >= 2*1024*1024) RETURN(BZ_DATA_ERROR);
+                if (nextSym == BZ_RUNA) es = es + (0+1) * N; else
+                if (nextSym == BZ_RUNB) es = es + (1+1) * N;
+                N = N * 2;
diff --git a/bzip2.changes b/bzip2.changes
index 492ee1d..aab2251 100644
--- a/bzip2.changes
+++ b/bzip2.changes
@@ -1,10 +1,3 @@
--------------------------------------------------------------------
-Thu Sep 23 09:27:21 UTC 2010 - puzel@novell.com
-
-- update to bzip2-1.0.6
-  - fixes CVE-2010-0405
-- drop bzip2-CVE-2010-0405 (upstream)
-
 -------------------------------------------------------------------
 Tue Sep 21 13:54:31 UTC 2010 - puzel@novell.com
 
diff --git a/bzip2.spec b/bzip2.spec
index e937bdd..881bf61 100644
--- a/bzip2.spec
+++ b/bzip2.spec
@@ -1,5 +1,5 @@
 #
-# spec file for package bzip2 (Version 1.0.6)
+# spec file for package bzip2 (Version 1.0.5)
 #
 # Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany.
 #
@@ -19,7 +19,7 @@
 
 
 Name:           bzip2
-Version:        1.0.6
+Version:        1.0.5
 Release:        46
 Provides:       bzip
 Obsoletes:      bzip
@@ -45,6 +45,7 @@ Patch:          http://pack.suse.cz/sbrabec/bzip2/for_downstream/bzip2-1.0.5-aut
 Patch2:         bzip2-maxlen20.patch
 Patch3:         bzip2-faster.patch
 Patch5:         bzip2-unsafe_strcpy.patch
+Patch6:         bzip2-CVE-2010-0405.patch
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 
 %description
@@ -108,6 +109,7 @@ Authors:
 %patch2
 %patch3
 %patch5
+%patch6 -p1
 
 %build
 profile_bzip2()