diff -Nru vlc-2.1.6/debian/changelog vlc-2.1.6/debian/changelog
--- vlc-2.1.6/debian/changelog 2016-05-02 19:28:56.000000000 -0500
+++ vlc-2.1.6/debian/changelog 2017-07-10 22:59:26.000000000 -0500
@@ -1,3 +1,23 @@
+vlc (2.1.6-0ubuntu14.04.3) trusty-security; urgency=high
+
+ * SECURITY UPDATE: reject invalid QuickTime IMA files (LP: #1693893)
+ - fix-CVE-2016-5108.patch
+ - CVE-2016-5108
+ * SECURITY UPDATE: Fix potential out of bound reads
+ - fix-CVE-2017-8310.patch
+ - CVE-2017-8310
+ * SECURITY UPDATE: Fix invalid double increment
+ - fix-CVE-2017-8311.patch
+ - CVE-2017-8311
+ * SECURITY UPDATE: Fix potential heap buffer overflow
+ - fix-CVE-2017-8312.patch
+ - CVE-2017-8312
+ * SECURITY UPDATE: ParseJSS: fix out-of-bounds read
+ - fix-CVE-2017-8313.patch
+ - CVE-2017-8313
+
+ -- Simon Quigley Mon, 10 Jul 2017 22:59:26 -0500
+
 vlc (2.1.6-0ubuntu14.04.2) trusty-security; urgency=medium
 
 * SECURITY UPDATE: denial of service via crafted FLV file
diff -Nru vlc-2.1.6/debian/patches/fix-CVE-2016-5108.patch vlc-2.1.6/debian/patches/fix-CVE-2016-5108.patch
--- vlc-2.1.6/debian/patches/fix-CVE-2016-5108.patch 1969-12-31 18:00:00.000000000 -0600
+++ vlc-2.1.6/debian/patches/fix-CVE-2016-5108.patch 2017-07-10 05:09:58.000000000 -0500
@@ -0,0 +1,26 @@
+Description: reject invalid QuickTime IMA files
+ Buffer overflow in the DecodeAdpcmImaQT function in modules/codec/adpcm.c
+ in VideoLAN VLC media player before 2.2.4 allows remote attackers to cause
+ a denial of service (crash) or possibly execute arbitrary code via a
+ crafted QuickTime IMA file.
+ .
+ This fixes CVE-2016-5108.
+Author: Rafaël Carré
+Origin: upstream
+Applied-Upstream: 458ed62bbeb9d1bddf7b8df104e14936408a3db9
+Last-Update: 2017-07-07
+--- a/modules/codec/adpcm.c
++++ b/modules/codec/adpcm.c
+@@ -171,6 +171,12 @@ static int OpenDecoder( vlc_object_t *p_
+ switch( p_dec->fmt_in.i_codec )
+ {
+ case VLC_FOURCC('i','m','a', '4'): /* IMA ADPCM */
++ if (p_dec->fmt_in.audio.i_channels > 2) {
++ free(p_sys);
++ msg_Err(p_dec, "Invalid number of channels %i",
++ p_dec->fmt_in.audio.i_channels );
++ return VLC_EGENERIC;
++ }
+ p_sys->codec = ADPCM_IMA_QT;
+ break;
+ case VLC_CODEC_ADPCM_IMA_WAV: /* IMA ADPCM */
diff -Nru vlc-2.1.6/debian/patches/fix-CVE-2017-8310.patch vlc-2.1.6/debian/patches/fix-CVE-2017-8310.patch
--- vlc-2.1.6/debian/patches/fix-CVE-2017-8310.patch 1969-12-31 18:00:00.000000000 -0600
+++ vlc-2.1.6/debian/patches/fix-CVE-2017-8310.patch 2017-07-10 05:11:05.000000000 -0500
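Review bot: In the new msg_Err call, `%i` is paired with `p_dec->fmt_in.audio.i_channels`, whose declared type is not visible in the hunk; if that field is unsigned, as channel counts usually are, `%u` is the matching specifier and `-Wformat` would otherwise flag the mismatch. The guard only covers the `ima4` case and gives no reason for the bound of 2, so a one-line comment on the `if` stating why two is the limit (the per-channel decoder state in DecodeAdpcmImaQT, which is outside this hunk) would keep the next maintainer from "relaxing" it. OpenDecoder begins and ends outside the hunk.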
@@ -0,0 +1,48 @@
+Description: Fix potential out of bound reads
+ Heap out-of-bound read in CreateHtmlSubtitle in VideoLAN VLC 2.2.x due to
+ missing check of string termination allows attackers to read data beyond
+ allocated memory and potentially crash the process (causing a denial of
+ service) via a crafted subtitles file.
+ .
+ This fixes CVE-2017-8310.
+Author: Yannay Livneh
+Origin: upstream
+Applied-Upstream: 7cac839692ab79dbfe5e4ebd4c4e37d9a8b1b328
+Last-Update: 2017-07-07
+--- a/modules/codec/subsdec.c
++++ b/modules/codec/subsdec.c
+@@ -662,7 +662,7 @@ static char *CreateHtmlSubtitle( int *pi
+ HtmlCopy( &psz_html, &psz_subtitle, "" );
++ if (*psz_subtitle == '\0') break;
+ psz_subtitle++;
+ }
+ else if( !strncmp( psz_subtitle, " +Origin: upstream
+Applied-Upstream: 775de716add17322f24b476439f903a829446eb6
+Last-Update: 2017-07-07
+--- a/modules/demux/subtitle.c
++++ b/modules/demux/subtitle.c
+@@ -1781,7 +1781,7 @@ static int ParseJSS( demux_t *p_demux, s
+ if( ( toupper((unsigned char)*(psz_text + 1 ) ) == 'C' ) ||
+ ( toupper((unsigned char)*(psz_text + 1 ) ) == 'F' ) )
+ {
+- psz_text++; psz_text++;
++ psz_text++;
+ break;
+ }
+ if( (*(psz_text + 1 ) ) == 'B' || (*(psz_text + 1 ) ) == 'b' ||
diff -Nru vlc-2.1.6/debian/patches/fix-CVE-2017-8312.patch vlc-2.1.6/debian/patches/fix-CVE-2017-8312.patch
--- vlc-2.1.6/debian/patches/fix-CVE-2017-8312.patch 1969-12-31 18:00:00.000000000 -0600
+++ vlc-2.1.6/debian/patches/fix-CVE-2017-8312.patch 2017-07-10 05:11:05.000000000 -0500
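Review bot: The single `psz_text++` in the `'C'`/`'F'` branch of fix-CVE-2017-8311.patch is only correct if the enclosing loop advances `psz_text` once more after the `break`, and that loop is outside the hunk; a comment on the line such as `/* the enclosing loop steps past the directive letter; a second increment here skipped the terminator */` would record the invariant the fix depends on. The body of fix-CVE-2017-8310.patch is garbled in this rendering — the `strncmp` string literal and the 8311 patch header up to its author line are missing — so that change cannot be reviewed beyond the added `if (*psz_subtitle == '\0') break;`, whose loop condition is likewise outside the hunk; the stored patch file should be checked against the upstream commit named in Applied-Upstream before it is relied on. CreateHtmlSubtitle and ParseJSS both start and end outside these hunks.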
@@ -0,0 +1,40 @@
+Description: Fix potential heap buffer overflow
+ Heap out-of-bound read in ParseJSS in VideoLAN VLC due to missing check of
+ string length allows attackers to read heap uninitialized data via a
+ crafted subtitles file.
+ .
+ This fixes CVE-2017-8312.
+Author: Hugo Beauzée-Luyssen
+Origin: upstream
+Applied-Upstream: 611398fc8d32f3fe4331f60b220c52ba3557beaa
+Last-Update: 2017-07-07
+--- a/modules/demux/subtitle.c
++++ b/modules/demux/subtitle.c
+@@ -1601,7 +1601,8 @@ static int ParseJSS( demux_t *p_demux, s
+ if( !s )
+ return VLC_EGENERIC;
+
+- psz_orig = malloc( strlen( s ) + 1 );
++ size_t line_length = strlen( s );
++ psz_orig = malloc( line_length + 1 );
+ if( !psz_orig )
+ return VLC_ENOMEM;
+ psz_text = psz_orig;
+@@ -1641,6 +1642,8 @@ static int ParseJSS( demux_t *p_demux, s
+ {
+ case 'S':
+ shift = isalpha( (unsigned char)psz_text[2] ) ? 6 : 2 ;
++ if ( shift > line_length )
++ continue;
+
+ if( sscanf( &psz_text[shift], "%d", &h ) )
+ {
+@@ -1678,6 +1681,8 @@ static int ParseJSS( demux_t *p_demux, s
+
+ case 'T':
+ shift = isalpha( (unsigned char)psz_text[2] ) ? 8 : 2 ;
++ if ( shift > line_length )
++ continue;
+
+ sscanf( &psz_text[shift], "%d", &p_sys->jss.i_time_resolution );
+ break;
diff -Nru vlc-2.1.6/debian/patches/fix-CVE-2017-8313.patch vlc-2.1.6/debian/patches/fix-CVE-2017-8313.patch
--- vlc-2.1.6/debian/patches/fix-CVE-2017-8313.patch 1969-12-31 18:00:00.000000000 -0600
+++ vlc-2.1.6/debian/patches/fix-CVE-2017-8313.patch 2017-07-10 05:11:06.000000000 -0500
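Review bot: The new bound `shift > line_length` is measured from the start of the whole line `s`, but `shift` is applied to `psz_text`; if any code between the first hunk and the switch advances `psz_text` past `psz_orig` (not visible here), `&psz_text[shift]` can still land beyond the terminator. A check relative to the current position does not depend on that, e.g. `if ( shift > line_length - (size_t)(psz_text - psz_orig) ) continue;` at both the `'S'` and `'T'` sites, or simply `if ( shift > strlen( psz_text ) )`. The `isalpha( (unsigned char)psz_text[2] )` on the line before each guard is evaluated before it, and is in bounds only if the switch already guarantees two non-NUL bytes, which the hunk does not show. ParseJSS starts and ends outside these hunks.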
@@ -0,0 +1,24 @@
+Description: ParseJSS: fix out-of-bounds read
+ The previous loop would continue until a space is found, which of course means
+ that it would step out of bounds if the string did not contain such.
+ .
+ These changes simply terminates the loop if the end of the string is reached.
+ .
+ This fixes CVE-2017-8313.
+Author: Filip Roséen
+Origin: upstream
+Applied-Upstream: 05b653355ce303ada3b5e0e645ae717fea39186c
+Last-Update: 2017-07-07
+--- a/modules/demux/subtitle.c
++++ b/modules/demux/subtitle.c
+@@ -1728,8 +1728,8 @@ static int ParseJSS( demux_t *p_demux, s
+ /* Parse the directives */
+ if( isalpha( (unsigned char)*psz_text ) || *psz_text == '[' )
+ {
+- while( *psz_text != ' ' )
+- { psz_text++ ;};
++ while( *psz_text && *psz_text != ' ' )
++ ++psz_text;
+
+ /* Directives are NOT parsed yet */
+ /* This has probably a better place in a decoder ? */
diff -Nru vlc-2.1.6/debian/patches/series vlc-2.1.6/debian/patches/series
--- vlc-2.1.6/debian/patches/series 2016-05-02 19:28:45.000000000 -0500
+++ vlc-2.1.6/debian/patches/series 2017-07-10 05:11:00.000000000 -0500
@@ -2,3 +2,8 @@
 CVE-2014-9597.patch
 CVE-2014-9743.patch
 CVE-2016-3941.patch
+fix-CVE-2016-5108.patch
+fix-CVE-2017-8310.patch
+fix-CVE-2017-8311.patch
+fix-CVE-2017-8312.patch
+fix-CVE-2017-8313.patch
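Review bot: The rewritten scan now stops on the terminator, but whatever follows the "Directives are NOT parsed yet" comment continues from `psz_text`, and that code is outside the hunk; if it skips the separator with an unconditional `psz_text++`, that step moves past the NUL the new condition just protected and needs the same `*psz_text` check. A one-line comment on the loop, `/* a directive may be the last token on the line: stop at NUL as well as at the separator */`, would record why the condition was widened. ParseJSS starts and ends outside the hunk.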