diff --git a/.cvsignore b/.cvsignore
index 000e47d..941057b 100644
--- a/.cvsignore
+++ b/.cvsignore
@@ -1 +1 @@
-postgresql-ocaml-1.8.2.tar.bz2
+release-1.12.3.tar.bz2
diff --git a/ocaml-postgresql.spec b/ocaml-postgresql.spec
index 6f7c290..f458235 100644
--- a/ocaml-postgresql.spec
+++ b/ocaml-postgresql.spec
@@ -2,8 +2,8 @@
 %define debug_package %{nil}
 
 Name:           ocaml-postgresql
-Version:        1.8.2
-Release:        4%{?dist}
+Version:        1.12.3
+Release:        1%{?dist}
 Summary:        OCaml library for accessing PostreSQL databases
 
 Group:          Development/Libraries
@@ -91,6 +91,14 @@ rm -rf $RPM_BUILD_ROOT
 
 
 %changelog
+* Fri Oct 16 2009 Richard W.M. Jones <rjones@redhat.com> - 1.12.3-1
+- New upstream version 1.12.3.
+- This contains a SECURITY fix for:
+  https://bugzilla.redhat.com/show_bug.cgi?id=529325
+  CVE-2009-2943 ocaml-postgresql: Missing escape function (DSA-1909-1)
+  HOWEVER you are not protected until you change your code to
+  use the new connection#escape_string method.
+
 * Wed Apr 23 2008 Richard W.M. Jones <rjones@redhat.com> - 1.8.2-4
 - Rebuild for OCaml 3.10.2
 
diff --git a/sources b/sources
index a80bee1..8a8b074 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-3ba2746c46e223d82b3ba32835ba6635  postgresql-ocaml-1.8.2.tar.bz2
+64d6fdc1a23dc3315c61771f1d28f592  release-1.12.3.tar.bz2