diff --git a/.gitignore b/.gitignore
index cbf6389..9ea49f6 100644
--- a/.gitignore
+++ b/.gitignore
@@ -25,3 +25,4 @@
 /sudo-1.9.1.tar.gz
 /sudo-1.9.2.tar.gz
 /sudo-1.9.3p1.tar.gz
+/sudo-1.9.5p1.tar.gz
diff --git a/sources b/sources
index 2a74432..9d9c821 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-SHA512 (sudo-1.9.3p1.tar.gz) = 3ad13fd03e5b371fd6bf7909731ffc11431d2182a744b654f7e5d4b810e47955d49bc78f551afe13ec56acbce694139c33a15bc022cea41b17af5496b8b7f89f
+SHA512 (sudo-1.9.5p1.tar.gz) = 0168f0b61a6c2d2f60a92b5b4d3c3254aed4116decabac3821d9ac2fd7f74bb7b019e35bb8955335315b3b00ddf4e4acd82540df0addc1d9bf4f44b60447a878
diff --git a/sudo.spec b/sudo.spec
index 78843a0..779cfc9 100644
--- a/sudo.spec
+++ b/sudo.spec
@@ -1,7 +1,7 @@
 Summary: Allows restricted root access for specified users
 Name: sudo
-Version: 1.9.3p1
-Release: 2%{?dist}
+Version: 1.9.5p1
+Release: 1%{?dist}
 License: ISC
 URL: https://www.sudo.ws
 Source0: %{url}/dist/%{name}-%{version}.tar.gz
@@ -230,6 +230,16 @@ EOF
 %attr(0644,root,root) %{_libexecdir}/sudo/python_plugin.so
 
 %changelog
+* Mon Jan 18 2021 Radovan Sroka <rsroka@redhat.com> - 1.9.5p1-1
+- rebase to 1.9.5p1
+Resolves: rhbz#1902758
+- fixed double free in sss_to_sudoers
+Resolves: rhbz#1885874
+- fixed CVE-2021-23239 sudo: possible directory existence test due to race condition in sudoedit
+Resolves: rhbz#1915055
+- fixed CVE-2021-23240 sudo: symbolic link attack in SELinux-enabled sudoedit
+Resolves: rhbz#1915054
+
 * Wed Jan 13 2021 Jonathan Lebon <jonathan@jlebon.com> - 1.9.3p1-2
 - split out Python modules into separate subpackage
 Resolves: rhbz#1909299