diff --git a/.gitignore b/.gitignore
index cc6785d..86b8390 100644
--- a/.gitignore
+++ b/.gitignore
@@ -16,3 +16,8 @@ bugzilla-3.6.1.tar.gz
 /bugzilla-4.2.4.tar.gz
 /bugzilla-4.2.5.tar.gz
 /bugzilla-4.2.6.tar.gz
+/bugzilla-4.2.7.tar.gz
+/bugzilla-4.2.9.tar.gz
+/bugzilla-4.2.10.tar.gz
+/bugzilla-4.2.11.tar.gz
+/bugzilla-4.2.13.tar.gz
diff --git a/bugzilla-httpd-conf b/bugzilla-httpd-conf
index 45ec051..1ed7679 100644
--- a/bugzilla-httpd-conf
+++ b/bugzilla-httpd-conf
@@ -17,3 +17,7 @@ Alias /bugzilla /usr/share/bugzilla
   AddType application/vnd.mozilla.xul+xml .xul
   AddType application/rdf+xml .rdf
 </Directory>
+
+<Directory /var/lib/bugzilla/data/webdot>
+  Require all granted
+</Directory>
diff --git a/bugzilla-rw-paths.patch b/bugzilla-rw-paths.patch
index 66b0d87..1bad35c 100644
--- a/bugzilla-rw-paths.patch
+++ b/bugzilla-rw-paths.patch
@@ -1,13 +1,17 @@
---- bugzilla-4.2/Bugzilla/Constants.pm	2012-02-26 22:39:30.161462858 +0100
-+++ bugzilla-4.2-rw/Bugzilla/Constants.pm	2012-02-26 22:41:55.185107179 +0100
-@@ -629,18 +629,18 @@
+diff -up ./Bugzilla/Constants.pm.orig ./Bugzilla/Constants.pm
+--- ./Bugzilla/Constants.pm.orig	2013-09-02 22:51:11.831245853 +0200
++++ ./Bugzilla/Constants.pm	2013-09-02 22:53:27.733416972 +0200
+@@ -627,20 +627,20 @@ sub bz_locations {
+         # make sure this still points to the CGIs.
+         'cgi_path'    => $libpath,
          'templatedir' => "$libpath/template",
-         'template_cache' => "$datadir/template",
+-        'template_cache' => "$datadir/template",
++        'template_cache' => "/var/lib/bugzilla/$datadir/template",
          'project'     => $project,
 -        'localconfig' => "$libpath/$localconfig",
 -        'datadir'     => $datadir,
 -        'attachdir'   => "$datadir/attachments",
-+        'localconfig' => "/etc/bugzilla/localconfig",
++        'localconfig' => "/etc/bugzilla/$localconfig",
 +        'datadir'     => "/var/lib/bugzilla/$datadir",
 +        'attachdir'   => "/var/lib/bugzilla/$datadir/attachments",
          'skinsdir'    => "$libpath/skins",
diff --git a/bugzilla.spec b/bugzilla.spec
index 5eda576..9919985 100644
--- a/bugzilla.spec
+++ b/bugzilla.spec
@@ -4,9 +4,9 @@
 Summary: Bug tracking system
 URL: http://www.bugzilla.org/
 Name: bugzilla
-Version: 4.2.6
+Version: 4.2.13
 Group: Applications/Publishing
-Release: 5%{?dist}
+Release: 1%{?dist}
 License: MPLv1.1
 Source0: http://ftp.mozilla.org/pub/mozilla.org/webtools/bugzilla-%{version}.tar.gz
 Source1: bugzilla-httpd-conf
@@ -108,6 +108,12 @@ rm -f Bugzilla/Constants.pm.orig
 rm -f Bugzilla/Install/Requirements.pm.orig
 # Remove bundled libs
 rm -rf lib/CGI*
+# Remove bundled binary files
+rm -f js/yui/*/*.swf
+
+# these files are only used for testing Bugzilla code
+# see https://bugzilla.mozilla.org/show_bug.cgi?id=995209
+rm Build.PL MANIFEST.SKIP
 
 # Deal with changing /usr/local paths here instead of via patches
 %{__perl} -pi -e 's|/usr/local/bin/python\b|%{__python}|' contrib/*.py
@@ -215,6 +221,34 @@ popd > /dev/null)
 %{bzinstallprefix}/bugzilla/contrib/syncLDAP.pl
 
 %changelog
+* Sat Jan 31 2015 Emmanuel Seyman <emmanuel@seyman.fr> - 4.4.8-1
+- Update to 4.2.13 (fixes regressions in 4.2.12 which itself
+  fixed security flaws) (CVE-2014-1571, CVE-2014-8630)
+- Remove bundled binary files (#1000245)
+- Add webdot directory perms to apache configuration
+
+* Wed Oct 08 2014 Emmanuel Seyman <emmanuel@seyman.fr> - 4.2.11-1
+- Update to 4.2.11 (CVE-2014-157, CVE-2014-1573 and CVE-2014-1571)
+
+* Fri Jul 25 2014 Emmanuel Seyman <emmanuel@seyman.fr> - 4.2.10-1
+- Update to 4.2.10 which fixes a security bug (CVE-2014-1546)
+
+* Sat Apr 19 2014 Emmanuel Seyman <emmanuel@seyman.fr> - 4.2.9-1
+- Update to 4.2.9 (regression fix for 4.2.8 which was a security update)
+- Drop backported patches
+
+* Sun Jan 19 2014 Emmanuel Seyman <emmanuel@seyman.fr> - 4.2.7-3
+- Fix the comparison of module versions (#1044854)
+- Really honor the PROJECT environment variable (#911943)
+
+* Fri Nov 15 2013 Emmanuel Seyman <emmanuel@seyman.fr> - 4.2.7-2
+- Add patch to cache bz_locations() (bmo #843457)
+- Fix constants patch to honor the PROJECT environment variable (#911943)
+
+* Thu Oct 17 2013 Emmanuel Seyman <emmanuel@seyman.fr> - 4.2.7-1
+- Update to 4.2.7 (security updates)
+- Patch bugzilla to write compiled templates under /var (#949130)
+
 * Thu Aug 15 2013 Emmanuel Seyman <emmanuel@seyman.fr> - 4.2.6-5
 - Stop creating /usr/share/doc/bugzilla-<version> (#993688)
 - Fix incorrect date in changelog
diff --git a/sources b/sources
index 0e07eb9..bc9dd67 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-65d0c7f1f281c37aa17a3ec5724251d6  bugzilla-4.2.6.tar.gz
+634f12a9a899cbe2a28f9b83d214a520  bugzilla-4.2.13.tar.gz