diff --git a/.gitignore b/.gitignore
index 0534e2d..d4f8597 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,2 +1,3 @@
+jackson-databind-jackson-databind-*/
 /jackson-databind-*.tar.gz
 /*.src.rpm
diff --git a/jackson-databind.spec b/jackson-databind.spec
index bacd652..df4c537 100644
--- a/jackson-databind.spec
+++ b/jackson-databind.spec
@@ -1,15 +1,17 @@
 Name:          jackson-databind
-Version:       2.9.8
-Release:       2%{?dist}
+Version:       2.9.9.3
+Release:       1%{?dist}
 Summary:       General data-binding package for Jackson (2.x)
 License:       ASL 2.0 and LGPLv2+
 URL:           https://github.com/FasterXML/jackson-databind/
 Source0:       https://github.com/FasterXML/jackson-databind/archive/%{name}-%{version}.tar.gz
 
 BuildRequires:  maven-local
-BuildRequires:  mvn(com.fasterxml.jackson.core:jackson-annotations) >= %{version}
-BuildRequires:  mvn(com.fasterxml.jackson.core:jackson-core) >= %{version}
-BuildRequires:  mvn(com.fasterxml.jackson:jackson-base:pom:) >= %{version}
+
+# TODO: Revert back to version macro when versions align again.
+BuildRequires:  mvn(com.fasterxml.jackson.core:jackson-annotations) >= 2.9.9
+BuildRequires:  mvn(com.fasterxml.jackson.core:jackson-core) >= 2.9.9
+BuildRequires:  mvn(com.fasterxml.jackson:jackson-base:pom:) >= 2.9.9
 BuildRequires:  mvn(com.google.code.maven-replacer-plugin:replacer)
 BuildRequires:  mvn(org.apache.felix:maven-bundle-plugin)
 BuildRequires:  mvn(org.powermock:powermock-api-mockito)
@@ -67,6 +69,9 @@ rm src/test/java/com/fasterxml/jackson/databind/ser/jdk/JDKTypeSerializationTest
 %license LICENSE NOTICE
 
 %changelog
+* Thu Sep 12 2019 Alexander Scheel <ascheel@redhat.com> - 2.9.9.3-1
+- Update to latest upstream release; fixes CVE-2019-12384
+
 * Thu Jul 25 2019 Fedora Release Engineering <releng@fedoraproject.org> - 2.9.8-2
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
 
diff --git a/sources b/sources
index 24903b4..c6fb239 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-SHA512 (jackson-databind-2.9.8.tar.gz) = 201b2d6cbc875898536904358bc6634ea66e0f624cbee0185ab33d144f2710001ef9f58b26b0d4b412cd48ee866ef2ba728ab60d09c6b1072c2fa9a9d7427d8d
+SHA512 (jackson-databind-2.9.9.3.tar.gz) = 1b5cd44f1ff25379b68a34973cede8a8bec42cb99c432effaf7b625566ba66bf2bdacd6b0e31b53b71e240163d1d7afdaee5b357495834ac7a12182bd284014c