diff -Nru libvpx-1.3.0/debian/changelog libvpx-1.3.0/debian/changelog
--- libvpx-1.3.0/debian/changelog 2014-10-23 02:00:52.000000000 +0000
+++ libvpx-1.3.0/debian/changelog 2014-10-25 20:39:47.000000000 +0000
@@ -1,8 +1,17 @@
-libvpx (1.3.0-2.1~trusty) trusty; urgency=medium
+libvpx (1.3.0-3~trusty) trusty; urgency=medium
- * or trusty
+ * For trusty
- -- Doug McMahon Wed, 22 Oct 2014 22:00:28 -0400
+ -- Doug McMahon Sat, 25 Oct 2014 16:38:50 -0400
+
+libvpx (1.3.0-3) unstable; urgency=high
+
+ * debian/control:
+ + Add VP9 to the short and long package descriptions (Closes: #760095).
+ * debian/patches/vp9-out-of-bounds-access.patch:
+ + Fix out of bounds access in the VP9 codec (CVE-2014-1578) (Closes: #765435).
+
+ -- Sebastian Dröge Tue, 21 Oct 2014 10:02:18 +0200
 libvpx (1.3.0-2.1) unstable; urgency=medium
diff -Nru libvpx-1.3.0/debian/control libvpx-1.3.0/debian/control
--- libvpx-1.3.0/debian/control 2014-08-09 12:55:20.000000000 +0000
+++ libvpx-1.3.0/debian/control 2014-10-21 08:02:09.000000000 +0000
@@ -15,9 +15,9 @@
 ${shlibs:Depends}, ${misc:Depends}
 Multi-Arch: same
-Description: VP8 video codec (development files)
- VP8 is an open video codec, originally developed by On2 and released
- as open source by Google Inc. It is the successor of the VP3 codec,
+Description: VP8 and VP9 video codec (development files)
+ VP8 and VP9 are open video codecs, originally developed by On2 and released
+ as open source by Google Inc. They are the successor of the VP3 codec,
 on which the Theora codec was based.
 .
 This package contains the development libraries, header files needed by
@@ -30,9 +30,9 @@
 ${misc:Depends}
 Multi-Arch: same
 Pre-Depends: ${misc:Pre-Depends}
-Description: VP8 video codec (shared library)
- VP8 is an open video codec, originally developed by On2 and released
- as open source by Google Inc. It is the successor of the VP3 codec,
+Description: VP8 and VP9 video codec (shared library)
+ VP8 and VP9 are open video codecs, originally developed by On2 and released
+ as open source by Google Inc. They are the successor of the VP3 codec,
 on which the Theora codec was based.
 .
 This package contains the shared libraries.
@@ -43,9 +43,9 @@
 Architecture: any
 Depends: libvpx1 (= ${binary:Version}), ${misc:Depends}
-Description: VP8 video codec (debugging symbols)
- VP8 is an open video codec, originally developed by On2 and released
- as open source by Google Inc. It is the successor of the VP3 codec,
+Description: VP8 and VP9 video codec (debugging symbols)
+ VP8 and VP9 are open video codecs, originally developed by On2 and released
+ as open source by Google Inc. They are the successor of the VP3 codec,
 on which the Theora codec was based.
 .
 Debugging symbols for the VPX library. This is
@@ -56,9 +56,9 @@
 Architecture: all
 Depends: ${misc:Depends}
 Recommends: lynx | www-browser
-Description: VP8 video codec (API documentation)
- VP8 is an open video codec, originally developed by On2 and released
- as open source by Google Inc. It is the successor of the VP3 codec,
+Description: VP8 and VP9 video codec (API documentation)
+ VP8 and VP9 are open video codecs, originally developed by On2 and released
+ as open source by Google Inc. They are the successor of the VP3 codec,
 on which the Theora codec was based.
 .
 This package contains the HTML documentation for the libvpx library
@@ -71,9 +71,9 @@
 ${shlibs:Depends}, ${misc:Depends}
 Multi-Arch: foreign
-Description: VP8 video codec encoding/decoding tools
- VP8 is an open video codec, originally developed by On2 and released
- as open source by Google Inc. It is the successor of the VP3 codec,
+Description: VP8 and VP9 video codec encoding/decoding tools
+ VP8 and VP9 are open video codecs, originally developed by On2 and released
+ as open source by Google Inc. They are the successor of the VP3 codec,
 on which the Theora codec was based.
 .
 This package contains the commandline tools vpxdec and vpxenc.
diff -Nru libvpx-1.3.0/debian/patches/series libvpx-1.3.0/debian/patches/series
--- libvpx-1.3.0/debian/patches/series 2014-08-09 12:49:26.000000000 +0000
+++ libvpx-1.3.0/debian/patches/series 2014-10-21 08:03:29.000000000 +0000
@@ -1,2 +1,3 @@
 fix-armhf-link.patch
 Bug-fix-in-ssse3-quantize-function.patch
+vp9-out-of-bounds-access.patch
diff -Nru libvpx-1.3.0/debian/patches/vp9-out-of-bounds-access.patch libvpx-1.3.0/debian/patches/vp9-out-of-bounds-access.patch
--- libvpx-1.3.0/debian/patches/vp9-out-of-bounds-access.patch 1970-01-01 00:00:00.000000000 +0000
+++ libvpx-1.3.0/debian/patches/vp9-out-of-bounds-access.patch 2014-10-21 08:05:37.000000000 +0000
@@ -0,0 +1,34 @@
+
+# HG changeset patch
+# User Ralph Giles
+# Date 1412209683 25200
+# Node ID 6023f0b4f8ba49dd117106cc98cd8007c2142bf6
+# Parent 8c431dcec0ffde13988d47eacf341113ea883245
+Bug 1063327 - Reject vp9 frames with invalid tiles. r=kinetik, a=abillings
+
+diff --git a/vp9/decoder/vp9_decodframe.c b/vp9/decoder/vp9_decodframe.c
+--- a/vp9/decoder/vp9_decodframe.c
++++ b/vp9/decoder/vp9_decodframe.c
+@@ -863,16 +863,21 @@ static size_t get_tile(const uint8_t *co
+
+ if (!is_last) {
+ if (!read_is_valid(*data, 4, data_end))
+ vpx_internal_error(error_info, VPX_CODEC_CORRUPT_FRAME,
+ "Truncated packet or corrupt tile length");
+
+ size = read_be32(*data);
+ *data += 4;
++
++ if (size > data_end - *data) {
++ vpx_internal_error(error_info, VPX_CODEC_CORRUPT_FRAME,
++ "Truncated packet or corrupt tile size");
++ }
+ } else {
+ size = data_end - *data;
+ }
+ return size;
+ }
+
+ typedef struct TileBuffer {
+ const uint8_t *data;
+
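Review bot: The new check `if (size > data_end - *data)` in vp9-out-of-bounds-access.patch compares `size` (a `size_t`, per get_tile's return type in the inner hunk header) against a signed pointer difference, so the difference is implicitly converted to unsigned; that is only sound because the preceding `read_is_valid(*data, 4, data_end)` guard and `*data += 4` keep `*data <= data_end`, and nothing in the hunk records that dependency, and the comparison will draw a sign-compare warning. I would make the conversion explicit and note the invariant: `if (size > (size_t)(data_end - *data)) {  /* read_is_valid above guarantees *data <= data_end */`. The check accepts `size == 0`; whether the caller tolerates an empty tile cannot be told from this hunk and is worth confirming before relying on this as the complete CVE-2014-1578 fix. The patch is carried as a Mozilla hg changeset rather than an upstream libvpx commit, so its provenance should be recorded in the patch header (DEP-3 Origin/Bug fields) for the next rebase; get_tile's definition starts outside the hunk.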