diff --git a/.gitignore b/.gitignore
index 6feb1e9..c51dde3 100644
--- a/.gitignore
+++ b/.gitignore
@@ -6,3 +6,5 @@
 /Linux-PAM-1.4.0.tar.xz.asc
 /Linux-PAM-1.5.0.tar.xz
 /Linux-PAM-1.5.0.tar.xz.asc
+/Linux-PAM-1.5.1.tar.xz
+/Linux-PAM-1.5.1.tar.xz.asc
diff --git a/pam.spec b/pam.spec
index eb4ed04..f52479b 100644
--- a/pam.spec
+++ b/pam.spec
@@ -2,7 +2,7 @@
 
 Summary: An extensible library which provides authentication for applications
 Name: pam
-Version: 1.5.0
+Version: 1.5.1
 Release: 1%{?dist}
 # The library is BSD licensed with option to relicense as GPLv2+
 # - this option is redundant as the BSD license allows that anyway.
@@ -361,6 +361,11 @@ done
 %doc doc/sag/*.txt doc/sag/html
 
 %changelog
+* Thu Nov 26 2020 Iker Pedrosa <ipedrosa@redhat.com> - 1.5.1-1
+- Rebase to release 1.5.1
+- fix CVE-2020-27780: authentication bypass when the user doesn't exist
+  and root password is blank (#1901173)
+
 * Wed Nov 11 2020 Iker Pedrosa <ipedrosa@redhat.com> - 1.5.0-1
 - Rebase to release 1.5.0
 - Rebase to pam-redhat-1.1.4
diff --git a/sources b/sources
index 908f61d..aea6b8e 100644
--- a/sources
+++ b/sources
@@ -1,3 +1,3 @@
-SHA512 (Linux-PAM-1.5.0.tar.xz) = 27be57465371f86c101f93c15f4475e63867c02f8f5af40d3f83b2106bfc8a46b8079302214e17f198ef903dc35b72d00b0e9bdff63ed2ecd8c69543e278f4bf
-SHA512 (Linux-PAM-1.5.0.tar.xz.asc) = be90e6ebcc01933c109cb1715bcb303f29b56cb1e00b684bada804fa9d2390cec09551fefaf3529f3f12ba0f57bc83976021a0c16a42f5a3067d87dec94e5ad0
+SHA512 (Linux-PAM-1.5.1.tar.xz) = 1db091fc43b934dde220f1b85f35937fbaa0a3feec699b2e597e2cdf0c3ce11c17d36d2286d479c9eed24e8ca3ca6233214e4dff256db47249e358c01d424837
+SHA512 (Linux-PAM-1.5.1.tar.xz.asc) = c3937c57dda4d83139bfd546a8e6eccf7dda03cbd485355af78488b0629157a575d442312a3f38734e70b6c164b259597cd6d1d8dc0611cd0d157e1bbe5900d0
 SHA512 (pam-redhat-1.1.4.tar.bz2) = ad3b53744505faf7c93b1f0c1ef4434c2567b97e292859963401b0c117e824704713c69f7a661cccd3aecd1208facb39c433703c1f3cdea1dbda2c380006bfc4