diff -Nru mplayer-1.2.1/debian/changelog mplayer-1.2.1/debian/changelog
--- mplayer-1.2.1/debian/changelog	2016-05-10 17:41:49.000000000 +0000
+++ mplayer-1.2.1/debian/changelog	2018-09-18 14:32:24.000000000 +0000
@@ -1,3 +1,12 @@
+mplayer (2:1.2.1-1ubuntu1.1) xenial-security; urgency=medium
+
+  * SECURITY UPDATE: Integer overflow in demuxer for GIFs
+    - debian/patches/CVE-2016-4352.patch: Validate image size in demux_gif
+    - CVE-2016-4352
+  * debian/control: Change Build-Depends-Arch to Build-Depends
+
+ -- Mike Salvatore <mike.salvatore@canonical.com>  Tue, 18 Sep 2018 06:19:08 -0400
+
 mplayer (2:1.2.1-1ubuntu1) xenial; urgency=medium
 
   * Add mplayer2 transitional package to fix upgrades (LP: #1580268)
diff -Nru mplayer-1.2.1/debian/control mplayer-1.2.1/debian/control
--- mplayer-1.2.1/debian/control	2016-05-10 17:47:19.000000000 +0000
+++ mplayer-1.2.1/debian/control	2018-09-18 12:49:55.000000000 +0000
@@ -12,8 +12,7 @@
 Vcs-Browser: https://anonscm.debian.org/cgit/pkg-multimedia/mplayer.git
 Homepage: https://www.mplayerhq.hu
 Build-Depends:
- debhelper (>= 9~)
-Build-Depends-Arch:
+ debhelper (>= 9~),
  ladspa-sdk,
  liba52-dev,
  libaa1-dev,
@@ -86,8 +85,7 @@
  vstream-client-dev,
  x11proto-core-dev,
  yasm,
- zlib1g-dev
-Build-Depends-Indep:
+ zlib1g-dev,
  docbook-xml,
  docbook-xsl,
  xsltproc
diff -Nru mplayer-1.2.1/debian/patches/CVE-2016-4352.patch mplayer-1.2.1/debian/patches/CVE-2016-4352.patch
--- mplayer-1.2.1/debian/patches/CVE-2016-4352.patch	1970-01-01 00:00:00.000000000 +0000
+++ mplayer-1.2.1/debian/patches/CVE-2016-4352.patch	2018-09-18 10:18:53.000000000 +0000
@@ -0,0 +1,36 @@
+From bcaaa044465fbc61a2ded914f53b7396695e593f Mon Sep 17 00:00:00 2001
+From: rtogni <rtogni@b3059339-0415-0410-9bf9-f77b7e298cf2>
+Date: Thu, 28 Apr 2016 21:32:40 +0000
+Subject: [PATCH] Validate image size in demux_gif
+
+Fixes crash with -vo null and overflow.gif
+Reported by Gustavo Grieco
+
+Closes trac #2295
+
+
+git-svn-id: svn://svn.mplayerhq.hu/mplayer/trunk@37857 b3059339-0415-0410-9bf9-f77b7e298cf2
+---
+ libmpdemux/demux_gif.c | 11 +++++++++++
+ 1 file changed, 11 insertions(+)
+
+--- a/libmpdemux/demux_gif.c
++++ b/libmpdemux/demux_gif.c
+@@ -303,6 +303,17 @@ static demuxer_t* demux_open_gif(demuxer
+     return NULL;
+   }
+ 
++  // Validate image size, most code in this demuxer assumes w*h <= INT_MAX
++  if ((int64_t)gif->SWidth * gif->SHeight > INT_MAX) {
++    mp_msg(MSGT_DEMUX, MSGL_ERR,
++           "[demux_gif] Unsupported picture size %dx%d.\n", gif->SWidth,
++           gif->SHeight);
++    if (DGifCloseFile(gif) == GIF_ERROR)
++      print_gif_error(NULL);
++    free(priv);
++    return NULL;
++  }
++
+   // create a new video stream header
+   sh_video = new_sh_video(demuxer, 0);
+ 
diff -Nru mplayer-1.2.1/debian/patches/series mplayer-1.2.1/debian/patches/series
--- mplayer-1.2.1/debian/patches/series	2016-02-24 03:33:55.000000000 +0000
+++ mplayer-1.2.1/debian/patches/series	2018-09-18 10:18:47.000000000 +0000
@@ -2,3 +2,4 @@
 0002_mplayer_debug_printf.patch
 0200_Hurd_PATH_MAX.patch
 0201_PATH_MAX_HURD.patch
+CVE-2016-4352.patch