diff -Nru libjpeg-turbo-1.3.0/debian/changelog libjpeg-turbo-1.3.0/debian/changelog
--- libjpeg-turbo-1.3.0/debian/changelog 2013-12-19 12:07:37.000000000 -0800
+++ libjpeg-turbo-1.3.0/debian/changelog 2017-11-14 11:55:46.000000000 -0800
@@ -1,3 +1,11 @@
+libjpeg-turbo (1.3.0-0ubuntu3) trusty; urgency=low
+
+ * [CVE-2014-9092]: Fix a Huffman local buffer overrun.
+ Patch taken from Debian upstream 1:1.3.1-11, uploaded
+ by Ondřej Surý
+
+ -- Micah Cowan Tue, 14 Nov 2017 11:55:23 -0800
+
 libjpeg-turbo (1.3.0-0ubuntu2) trusty; urgency=low

 * SECURITY UPDATE: information disclosure via uninitialized memory in
diff -Nru libjpeg-turbo-1.3.0/debian/control libjpeg-turbo-1.3.0/debian/control
--- libjpeg-turbo-1.3.0/debian/control 2013-07-28 08:56:13.000000000 -0700
+++ libjpeg-turbo-1.3.0/debian/control 2017-11-14 11:50:38.000000000 -0800
@@ -2,8 +2,7 @@
 Priority: optional
 Section: graphics
 Maintainer: Ubuntu Developers
-Uploaders: Tom Gall ,
- Fathi Boudra
+Uploaders: Micah Cowan
 Build-Depends: debhelper (>= 8.1.3), dh-autoreconf, nasm [amd64 i386], quilt
 Standards-Version: 3.9.4
 Vcs-Bzr: lp:libjpeg-turbo
diff -Nru libjpeg-turbo-1.3.0/debian/patches/CVE-2014-9092.patch libjpeg-turbo-1.3.0/debian/patches/CVE-2014-9092.patch
--- libjpeg-turbo-1.3.0/debian/patches/CVE-2014-9092.patch 1969-12-31 16:00:00.000000000 -0800
+++ libjpeg-turbo-1.3.0/debian/patches/CVE-2014-9092.patch 2017-11-14 12:00:39.000000000 -0800
@@ -0,0 +1,22 @@
+Index: libjpeg-turbo-1.3.0/jchuff.c
+===================================================================
+--- libjpeg-turbo-1.3.0.orig/jchuff.c 2017-11-14 11:59:31.948622518 -0800
++++ libjpeg-turbo-1.3.0/jchuff.c 2017-11-14 11:59:31.948622518 -0800
+@@ -391,7 +391,16 @@ dump_buffer (working_state * state)
+ #endif
+
+
+-#define BUFSIZE (DCTSIZE2 * 2)
++/* Although it is exceedingly rare, it is possible for a Huffman-encoded
++ * coefficient block to be larger than the 128-byte unencoded block. For each
++ * of the 64 coefficients, PUT_BITS is invoked twice, and each invocation can
++ * theoretically store 16 bits (for a maximum of 2048 bits or 256 bytes per
++ * encoded block.) If, for instance, one artificially sets the AC
++ * coefficients to alternating values of 32767 and -32768 (using the JPEG
++ * scanning order-- 1, 8, 16, etc.), then this will produce an encoded block
++ * larger than 200 bytes.
++ */
++#define BUFSIZE (DCTSIZE2 * 4)
+
+ #define LOAD_BUFFER() { \
+ if (state->free_in_buffer < BUFSIZE) { \
diff -Nru libjpeg-turbo-1.3.0/debian/patches/series libjpeg-turbo-1.3.0/debian/patches/series
--- libjpeg-turbo-1.3.0/debian/patches/series 2013-11-22 06:57:08.000000000 -0800
+++ libjpeg-turbo-1.3.0/debian/patches/series 2017-11-14 11:57:04.000000000 -0800
@@ -3,3 +3,4 @@
 add-copying-for-debian-dir.patch
 CVE-2013-6629.patch
 CVE-2013-6630.patch
+CVE-2014-9092.patch
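Review bot: In the debian/patches/CVE-2014-9092.patch hunk, the new `#define BUFSIZE (DCTSIZE2 * 4)` is exactly the 256-byte worst case that the added comment derives from PUT_BITS, so it leaves no headroom, and the comment does not say whether JPEG byte stuffing (a 0x00 emitted after each 0xFF) is written into the same local buffer. If it is, the stated bound undercounts the worst case, so the arithmetic should be confirmed against the emit path, which lies outside this hunk (the LOAD_BUFFER macro also continues past it). I would extend the comment with a line such as `* NOTE: this bound covers PUT_BITS output only; stuffed 0x00 bytes after 0xFF must be accounted for separately.` Separately, the quilt patch begins directly at `Index:` with no provenance header, although the changelog says it was taken from Debian 1:1.3.1-11; an `Origin:` line in the patch itself would make that auditable.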