diff --git a/.gitignore b/.gitignore
index 03a6555..918cc33 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,2 +1,2 @@
 SOURCES/pkg-varnish-cache-0ad2f22.tar.gz
-SOURCES/varnish-6.0.2.tgz
+SOURCES/varnish-6.0.6.tgz
diff --git a/.varnish.metadata b/.varnish.metadata
index 54d2ea5..aa082b2 100644
--- a/.varnish.metadata
+++ b/.varnish.metadata
@@ -1,2 +1,2 @@
 db2cd6c296e7f19d65c09e642b7011338d9d0e04 SOURCES/pkg-varnish-cache-0ad2f22.tar.gz
-468e4f24a7d8f7d0536da14e476169fe568b770b SOURCES/varnish-6.0.2.tgz
+c9cdd61f46d70b1bf8cb5eac3510aa3f4cf5c326 SOURCES/varnish-6.0.6.tgz
diff --git a/SPECS/varnish.spec b/SPECS/varnish.spec
index 3dca165..f2036a3 100644
--- a/SPECS/varnish.spec
+++ b/SPECS/varnish.spec
@@ -18,8 +18,8 @@
 
 Summary: High-performance HTTP accelerator
 Name: varnish
-Version: 6.0.2
-Release: 1%{?dist}
+Version: 6.0.6
+Release: 2%{?dist}
 License: BSD
 Group: System Environment/Daemons
 URL: https://www.varnish-cache.org/
@@ -191,9 +191,9 @@ sed -i 's,User=varnishlog,User=varnish,g;' redhat/varnishncsa.service
 
 # Explicit python, please
 %if %{with python2}
-sed -i 's/env python/python2/g;' lib/libvcc/vmodtool.py lib/libvcc/vsctool.py
+sed -i 's/env python3/python2/g;' lib/libvcc/vmodtool.py lib/libvcc/vsctool.py
 %else
-sed -i 's/env python/python3/g;' lib/libvcc/vmodtool.py lib/libvcc/vsctool.py
+sed -i 's/env python3/python3/g;' lib/libvcc/vmodtool.py lib/libvcc/vsctool.py
 %endif
 
 # Clean up the html documentation
@@ -371,6 +371,14 @@ fi
 
 
 %changelog
+* Tue Apr 14 2020 Lubos Uhliarik <luhliari@redhat.com> - 6.0.6-2
+- new version 6.0.6
+- Resolves: #1795673 - RFE: rebase varnish:6 to latest 6.0.x LTS
+- Resolves: #1790907 - CVE-2019-20637 varnish: not clearing pointer between two
+  client requests leads to information disclosure
+- Resolves: #1763958 - CVE-2019-15892 varnish:6/varnish: denial of service 
+  handling certain crafted HTTP/1 requests 
+
 * Mon Oct 08 2018 Lubos Uhliarik <luhliari@redhat.com> - 6.0.2-1
 - new version 6.0.2 (#1633338)