diff --git a/.gitignore b/.gitignore
index 9ea49f6..eb540df 100644
--- a/.gitignore
+++ b/.gitignore
@@ -26,3 +26,4 @@
 /sudo-1.9.2.tar.gz
 /sudo-1.9.3p1.tar.gz
 /sudo-1.9.5p1.tar.gz
+/sudo-1.9.5p2.tar.gz
diff --git a/sources b/sources
index 9d9c821..e39bcb4 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-SHA512 (sudo-1.9.5p1.tar.gz) = 0168f0b61a6c2d2f60a92b5b4d3c3254aed4116decabac3821d9ac2fd7f74bb7b019e35bb8955335315b3b00ddf4e4acd82540df0addc1d9bf4f44b60447a878
+SHA512 (sudo-1.9.5p2.tar.gz) = f0fe914963c31a6f8ab6c86847ff6cdd125bd5a839b27f46dcae03963f4fc413b3d4cca54c1979feb825c8479b44c7df0642c07345c941eecf6f9f1e03ea0e27
diff --git a/sudo.spec b/sudo.spec
index 16d3c05..6945c73 100644
--- a/sudo.spec
+++ b/sudo.spec
@@ -1,6 +1,6 @@
 Summary: Allows restricted root access for specified users
 Name: sudo
-Version: 1.9.5p1
+Version: 1.9.5p2
 Release: 1%{?dist}
 License: ISC
 URL: https://www.sudo.ws
@@ -229,6 +229,12 @@ EOF
 %attr(0644,root,root) %{_libexecdir}/sudo/python_plugin.so
 
 %changelog
+* Tue Jan 26 2021 Matthew Miller <mattdm@fedoraproject.org> - 1.9.5p2-1
+- rebase to 1.9.5p2
+Resolves: rhbz#1920611
+- fixed CVE-2021-3156 sudo: Heap buffer overflow in argument parsing
+Resolves: rhbz#1920618
+
 * Mon Jan 18 2021 Radovan Sroka <rsroka@redhat.com> - 1.9.5p1-1
 - rebase to 1.9.5p1
 -  updated sudo url