diff --git a/.gitignore b/.gitignore
index cf32646..7c7fa79 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,2 +1,2 @@
-/libpng-1.5.8.tar.bz2
-/libpng-1.2.46.tar.bz2
+/libpng-1.5.9.tar.bz2
+/libpng-1.2.48.tar.bz2
diff --git a/libpng-cve-2011-3026-15.patch b/libpng-cve-2011-3026-15.patch
deleted file mode 100644
index 9280f42..0000000
--- a/libpng-cve-2011-3026-15.patch
+++ /dev/null
@@ -1,27 +0,0 @@
-Patch for CVE-2011-3026 in libpng 1.4 and up, from John Bowler.
-
-
-diff -Naur libpng-1.5.8.orig/pngrutil.c libpng-1.5.8/pngrutil.c
---- libpng-1.5.8.orig/pngrutil.c 2012-02-01 00:00:34.000000000 -0500
-+++ libpng-1.5.8/pngrutil.c 2012-02-16 13:26:51.627339765 -0500
-@@ -432,15 +432,18 @@
- /* Now check the limits on this chunk - if the limit fails the
- * compressed data will be removed, the prefix will remain.
- */
-+ if (prefix_size >= (~(png_size_t)0) - 1 ||
-+ expanded_size >= (~(png_size_t)0) - 1 - prefix_size
- #ifdef PNG_SET_CHUNK_MALLOC_LIMIT_SUPPORTED
-- if (png_ptr->user_chunk_malloc_max &&
-+ || (png_ptr->user_chunk_malloc_max &&
- (prefix_size + expanded_size >= png_ptr->user_chunk_malloc_max - 1))
- #else
- # ifdef PNG_USER_CHUNK_MALLOC_MAX
-- if ((PNG_USER_CHUNK_MALLOC_MAX > 0) &&
-+ || ((PNG_USER_CHUNK_MALLOC_MAX > 0) &&
- prefix_size + expanded_size >= PNG_USER_CHUNK_MALLOC_MAX - 1)
- # endif
- #endif
-+ )
- png_warning(png_ptr, "Exceeded size limit while expanding chunk");
-
- /* If the size is zero either there was an error and a message
diff --git a/libpng-cve-2011-3026.patch b/libpng-cve-2011-3026.patch
deleted file mode 100644
index 56c9a8a..0000000
--- a/libpng-cve-2011-3026.patch
+++ /dev/null
@@ -1,24 +0,0 @@
-Original Chromium patch for CVE-2011-3026.
-
-
-diff -Naur libpng-1.2.46.orig/pngrutil.c libpng-1.2.46/pngrutil.c
---- libpng-1.2.46.orig/pngrutil.c 2011-07-09 06:30:23.000000000 -0400
-+++ libpng-1.2.46/pngrutil.c 2012-02-16 10:28:14.433079740 -0500
-@@ -363,8 +363,15 @@
- {
- /* Success (maybe) - really uncompress the chunk. */
- png_size_t new_size = 0;
-- png_charp text = png_malloc_warn(png_ptr,
-- prefix_size + expanded_size + 1);
-+ png_charp text = NULL;
-+ /* Need to check for both truncation (64-bit platforms) and integer
-+ * overflow.
-+ */
-+ if (prefix_size + expanded_size > prefix_size &&
-+ prefix_size + expanded_size < 0xffffffffU)
-+ {
-+ text = png_malloc_warn(png_ptr, prefix_size + expanded_size + 1);
-+ }
-
- if (text != NULL)
- {
diff --git a/libpng.spec b/libpng.spec
index fc4274a..4f5cc5e 100644
--- a/libpng.spec
+++ b/libpng.spec
@@ -1,8 +1,8 @@
 Summary: A library of functions for manipulating PNG image format files
 Name: libpng
 Epoch: 2
-Version: 1.5.8
-Release: 2%{?dist}
+Version: 1.5.9
+Release: 1%{?dist}
 License: zlib
 Group: System Environment/Libraries
 URL: http://www.libpng.org/pub/png/
@@ -12,7 +12,7 @@ URL: http://www.libpng.org/pub/png/
 # be recompiled. The compatibility library is placed in a separate
 # sub-RPM, libpng-compat. There is no support for recompiling source code
 # against the old version.
-%global prevversion 1.2.46
+%global prevversion 1.2.48
 # Note: non-current tarballs get moved to the history/ subdirectory,
 # so look there if you fail to retrieve the version you want
@@ -21,8 +21,6 @@ Source0: ftp://ftp.simplesystems.org/pub/png/src/libpng-%{version}.tar.bz2
 Source1: ftp://ftp.simplesystems.org/pub/png/src/libpng-%{prevversion}.tar.bz2
 Patch0: libpng-multilib.patch
-Patch1: libpng-cve-2011-3026-15.patch
-Patch2: libpng-cve-2011-3026.patch
 Buildroot: %{_tmppath}/%{name}-%{version}-%{release}-root
 BuildRequires: zlib-devel, pkgconfig
@@ -44,7 +42,7 @@ Requires: %{name}%{?_isa} = %{epoch}:%{version}-%{release}
 Requires: zlib-devel pkgconfig
 # TEMPORARILY pretend that we supply libpng12.pc; this is just to avoid
 # dependency failures during the rebuild cycle for libpng 1.5
-Provides: pkgconfig(libpng12) = 1.2.46
+Provides: pkgconfig(libpng12) = %{prevversion}
 %description devel
 The libpng-devel package contains header files and documentation necessary
@@ -75,13 +73,9 @@ This package contains shared libraries (only) for libpng 1.2.x.
 %setup -q
 %patch0 -p1
-%patch1 -p1
 tar xfj %{SOURCE1}
-# patch the compat package: -p0 is intentional here
-%patch2 -p0
-
 %build
 %configure
 make %{?_smp_mflags}
@@ -146,6 +140,10 @@ rm -rf $RPM_BUILD_ROOT%{_libdir}/*.la
 rm -rf $RPM_BUILD_ROOT
 %changelog
+* Sun Mar 11 2012 Tom Lane 2:1.5.9-1
+- Update to libpng 1.5.9 and 1.2.48, for minor security issues (CVE-2011-3045)
+Resolves: #801667
+
 * Thu Feb 16 2012 Tom Lane 2:1.5.8-2
 - Fix CVE-2011-3026
 Resolves: #791183
diff --git a/sources b/sources
index 16270b5..329779f 100644
--- a/sources
+++ b/sources
@@ -1,2 +1,2 @@
-3b0aac862a247eeabecca44674686dfc libpng-1.5.8.tar.bz2
-e8b43dc78ef95b3949af7f961d76874b libpng-1.2.46.tar.bz2
+684ba5f05da436a99c6303a83c7856d6 libpng-1.5.9.tar.bz2
+7612af5660cd4b5e8c433ce53bea01a7 libpng-1.2.48.tar.bz2
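Review bot: The `%prep` hunk stops applying `%patch1` and `%patch2`, the two CVE-2011-3026 fixes, and the `Patch1:`/`Patch2:` tags and both patch files are removed elsewhere in this diff, yet nothing in the commit records that the 1.5.9 and 1.2.48 tarballs already carry those fixes. Presumably they do, but the new changelog entry names only CVE-2011-3045, so a later audit cannot tell a merged-upstream drop from a regression. If the fixes are upstream, add a changelog line such as `- Drop CVE-2011-3026 patches, now included upstream`. Before building, it is also worth confirming in the unpacked `pngrutil.c` of both trees that a guard on `prefix_size + expanded_size` is in place ahead of the allocation.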