diff -Nru openjpeg2-2.1.1/debian/changelog openjpeg2-2.1.1/debian/changelog
--- openjpeg2-2.1.1/debian/changelog 2016-07-11 07:28:22.000000000 +0000
+++ openjpeg2-2.1.1/debian/changelog 2016-10-08 15:10:43.000000000 +0000
@@ -1,3 +1,21 @@
+openjpeg2 (2.1.1-1ubuntu0.1) yakkety-security; urgency=medium
+
+ * SECURITY UPDATE: Out-of-bound heap write possible resulting
+ in heap corruption and arbitrary code execution (lp: #1630702)
+ - debian/patches/CVE-2016-8332.patch: fix incrementing of
+ "l_tcp->m_nb_mcc_records" in opj_j2k_read_mcc
+ in src/lib/openjp2/j2k.c.
+ - CVE-2016-8332
+ * SECURITY UPDATE: Integer overflow possible resulting in
+ arbitrary code execution via a crafted JP2 file,
+ triggering out-of-bound read or write (lp: #1630702)
+ - debian/patches/CVE-2016-7163.patch: fix an integer
+ overflow issue in function opj_pi_create_decode of
+ pi.c in src/lib/openjp2/pi.c.
+ - CVE-2016-7163
+
+ -- Nikita Yerenkov-Scott Sat, 08 Oct 2016 16:10:43 +0100
+
 openjpeg2 (2.1.1-1) unstable; urgency=medium
 
 * New upstream. Closes: #829734
diff -Nru openjpeg2-2.1.1/debian/control openjpeg2-2.1.1/debian/control
--- openjpeg2-2.1.1/debian/control 2016-07-11 07:23:04.000000000 +0000
+++ openjpeg2-2.1.1/debian/control 2016-10-08 15:10:43.000000000 +0000
@@ -1,6 +1,7 @@
 Source: openjpeg2
 Priority: optional
-Maintainer: Debian PhotoTools Maintainers
+Maintainer: Ubuntu Developers
+XSBC-Original-Maintainer: Debian PhotoTools Maintainers
 Uploaders: Mathieu Malaterre
 Homepage: http://www.openjpeg.org
 Build-Depends: cmake (>= 2.8.2),
diff -Nru openjpeg2-2.1.1/debian/patches/CVE-2016-7163.patch openjpeg2-2.1.1/debian/patches/CVE-2016-7163.patch
--- openjpeg2-2.1.1/debian/patches/CVE-2016-7163.patch 1970-01-01 00:00:00.000000000 +0000
+++ openjpeg2-2.1.1/debian/patches/CVE-2016-7163.patch 2016-10-08 15:10:43.000000000 +0000
@@ -0,0 +1,24 @@
+Description: Prevent an integer overflow issue in function opj_pi_create_decode of pi.c
+Origin: upstream, https://github.com/uclouvain/openjpeg/commit/c16bc057ba3f125051c9966cf1f5b68a05681de4
+Origin: upstream, https://github.com/uclouvain/openjpeg/commit/ef01f18dfc6780b776d0674ed3e7415c6ef54d24
+---
+This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
+Index: openjpeg2-2.1.1/src/lib/openjp2/pi.c
+===================================================================
+--- openjpeg2-2.1.1.orig/src/lib/openjp2/pi.c
++++ openjpeg2-2.1.1/src/lib/openjp2/pi.c
+@@ -1237,7 +1237,13 @@ opj_pi_iterator_t *opj_pi_create_decode(
+ l_current_pi = l_pi;
+
+ /* memory allocation for include */
+- l_current_pi->include = (OPJ_INT16*) opj_calloc((l_tcp->numlayers +1) * l_step_l, sizeof(OPJ_INT16));
++ /* prevent an integer overflow issue */
++ l_current_pi->include = 00;
++ if (l_step_l <= (SIZE_MAX / (l_tcp->numlayers + 1U)))
++ {
++ l_current_pi->include = (OPJ_INT16*) opj_calloc((size_t)(l_tcp->numlayers + 1U) * l_step_l, sizeof(OPJ_INT16));
++ }
++
+ if
+ (!l_current_pi->include)
+ {
diff -Nru openjpeg2-2.1.1/debian/patches/CVE-2016-8332.patch openjpeg2-2.1.1/debian/patches/CVE-2016-8332.patch
--- openjpeg2-2.1.1/debian/patches/CVE-2016-8332.patch 1970-01-01 00:00:00.000000000 +0000
+++ openjpeg2-2.1.1/debian/patches/CVE-2016-8332.patch 2016-10-08 15:10:43.000000000 +0000
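Review bot: The new guard divides by `l_tcp->numlayers + 1U`; if numlayers is a 32-bit unsigned that can reach 0xFFFFFFFF, the divisor wraps to zero and the check itself faults before opj_calloc is ever reached. The hunk does not show where numlayers is bounded — presumably the COD/COC marker parser caps it far below that — so either make the guard self-evidently safe, `if (l_tcp->numlayers < UINT32_MAX && l_step_l <= SIZE_MAX / (l_tcp->numlayers + 1U))`, or add a comment naming the bound it relies on, e.g. `/* numlayers is validated to fit 16 bits when COD is read, so +1U cannot wrap */` if that is indeed where it is enforced. `SIZE_MAX` is supplied by <stdint.h> (or OpenJPEG's own opj_stdint.h); the patch touches only pi.c, so confirm the symbol is actually in scope in this tree — the second Origin commit listed in the header may be exactly such a follow-up, but that is not visible here. When the overflow check fails, `include` is left null and execution falls into the existing allocation-failure branch below, so a crafted file is reported as an out-of-memory condition rather than a rejected header; a distinct event message would make triage easier. opj_pi_create_decode begins and ends outside the hunk.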
@@ -0,0 +1,35 @@
+Description: Fix incrementing of "l_tcp->m_nb_mcc_records" in opj_j2k_read_mcc
+Origin: upstream, https://github.com/uclouvain/openjpeg/pull/820/commits/e9606c02c148e410305bf959a51baab24aa88cd7
+---
+This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
+Index: openjpeg2-2.1.1/src/lib/openjp2/j2k.c
+===================================================================
+--- openjpeg2-2.1.1.orig/src/lib/openjp2/j2k.c
++++ openjpeg2-2.1.1/src/lib/openjp2/j2k.c
+@@ -5405,6 +5405,7 @@ static OPJ_BOOL opj_j2k_read_mcc ( o
+ OPJ_UINT32 l_nb_collections;
+ OPJ_UINT32 l_nb_comps;
+ OPJ_UINT32 l_nb_bytes_by_comp;
++ OPJ_BOOL l_new_mcc = OPJ_FALSE;
+
+ /* preconditions */
+ assert(p_header_data != 00);
+@@ -5466,6 +5467,7 @@ static OPJ_BOOL opj_j2k_read_mcc ( o
+ memset(l_mcc_record,0,(l_tcp->m_nb_max_mcc_records-l_tcp->m_nb_mcc_records) * sizeof(opj_simple_mcc_decorrelation_data_t));
+ }
+ l_mcc_record = l_tcp->m_mcc_records + l_tcp->m_nb_mcc_records;
++ l_new_mcc = OPJ_TRUE;
+ }
+ l_mcc_record->m_index = l_indix;
+
+@@ -5601,7 +5603,9 @@ static OPJ_BOOL opj_j2k_read_mcc ( o
+ return OPJ_FALSE;
+ }
+
+- ++l_tcp->m_nb_mcc_records;
++ if (l_new_mcc) {
++ ++l_tcp->m_nb_mcc_records;
++ }
+
+ return OPJ_TRUE;
+ }
diff -Nru openjpeg2-2.1.1/debian/patches/series openjpeg2-2.1.1/debian/patches/series
--- openjpeg2-2.1.1/debian/patches/series 2016-07-11 07:16:39.000000000 +0000
+++ openjpeg2-2.1.1/debian/patches/series 2016-10-08 15:10:43.000000000 +0000
@@ -1,3 +1,5 @@
 fix_typos.patch
 multiarch_path.patch
 795.patch
+CVE-2016-8332.patch
+CVE-2016-7163.patch
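Review bot: The conditional increment at the end of opj_j2k_read_mcc is the whole security fix yet carries no explanation; `l_new_mcc` deserves a comment where it is set to OPJ_TRUE, e.g. `/* an MCC marker reusing a known index overwrites that record in place; only a freshly claimed slot may grow m_nb_mcc_records, which bounds later walks of m_mcc_records */`, so the next maintainer does not "simplify" it back into the unconditional `++`. The fix is only correct if the lookup loop just above the second inner hunk leaves `l_mcc_record` pointing at the matching entry on the found path; that loop is outside the hunk, so I cannot confirm it from here and it is worth re-checking, since a stale pointer there would overwrite the wrong record even with the count fixed. When parsing of an already-counted record fails at the `return OPJ_FALSE` preceding the increment, the fields written between the hunks have already been replaced and the record stays counted — pre-existing behavior, but this patch does not make a rejected MCC marker leave the table untouched, which callers might otherwise assume. The function's signature and the first part of its body lie before the first inner hunk.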