diff -Nru vlc-2.2.6/debian/changelog vlc-2.2.6/debian/changelog
--- vlc-2.2.6/debian/changelog 2017-06-18 11:15:34.000000000 -0500
+++ vlc-2.2.6/debian/changelog 2017-07-10 01:33:27.000000000 -0500
@@ -1,3 +1,11 @@
+vlc (2.2.6-2ubuntu1) artful; urgency=high
+
+ * SECURITY UPDATE: Crash due to Out-of-Bound Heap Memory Write (LP: #1693893)
+ - fix-CVE-2017-10699.patch
+ - CVE-2017-10699
+
+ -- Simon Quigley Mon, 10 Jul 2017 01:33:27 -0500
+
 vlc (2.2.6-2) unstable; urgency=medium

 * Upload to unstable.
diff -Nru vlc-2.2.6/debian/control vlc-2.2.6/debian/control
--- vlc-2.2.6/debian/control 2017-06-18 06:51:53.000000000 -0500
+++ vlc-2.2.6/debian/control 2017-07-10 01:33:27.000000000 -0500
@@ -1,7 +1,8 @@
 Source: vlc
 Section: video
 Priority: optional
-Maintainer: Debian Multimedia Maintainers
+Maintainer: Ubuntu Developers
+XSBC-Original-Maintainer: Debian Multimedia Maintainers
 Uploaders: Loic Minier ,
 Christophe Mutricy ,
 Mohammed Adnène Trojette ,
diff -Nru vlc-2.2.6/debian/patches/fix-CVE-2017-10699.patch vlc-2.2.6/debian/patches/fix-CVE-2017-10699.patch
--- vlc-2.2.6/debian/patches/fix-CVE-2017-10699.patch 1969-12-31 18:00:00.000000000 -0600
+++ vlc-2.2.6/debian/patches/fix-CVE-2017-10699.patch 2017-07-10 01:30:42.000000000 -0500
@@ -0,0 +1,40 @@
+Description: check visible size when creating buffer
+ avcodec 2.2.x, as used in VideoLAN VLC media player 2.2.7-x before
+ 2017-06-29, allows out-of-bounds heap memory write due to calling memcpy()
+ with a wrong size, leading to a denial of service (application crash) or
+ possibly code execution.
+ .
+ This fixes CVE-2017-10699.
+Author: Francois Cartegnie
+Origin: upstream
+Applied-Upstream: 6cc73bcad19da2cd2e95671173f2e0d203a57e9b, a38a85db58c569cc592d9380cc07096757ef3d49
+Last-Update: 2017-07-07
+--- a/modules/codec/avcodec/video.c
++++ b/modules/codec/avcodec/video.c
+@@ -137,9 +137,11 @@ static inline picture_t *ffmpeg_NewPictB
+ }
+
+
+- if( width == 0 || height == 0 || width > 8192 || height > 8192 )
++ if( width == 0 || height == 0 || width > 8192 || height > 8192 ||
++ width < p_context->width || height < p_context->height )
+ {
+- msg_Err( p_dec, "Invalid frame size %dx%d.", width, height );
++ msg_Err( p_dec, "Invalid frame size %dx%d. vsz %dx%d",
++ width, height, p_context->width, p_context->height );
+ return NULL; /* invalid display size */
+ }
+ p_dec->fmt_out.video.i_width = width;
+--- a/src/input/decoder.c
++++ b/src/input/decoder.c
+@@ -2060,7 +2060,9 @@ static picture_t *vout_new_buffer( decod
+ vout_thread_t *p_vout;
+
+ if( !p_dec->fmt_out.video.i_width ||
+- !p_dec->fmt_out.video.i_height )
++ !p_dec->fmt_out.video.i_height ||
++ p_dec->fmt_out.video.i_width < p_dec->fmt_out.video.i_visible_width ||
++ p_dec->fmt_out.video.i_height < p_dec->fmt_out.video.i_visible_height )
+ {
+ /* Can't create a new vout without display size */
+ return NULL;
diff -Nru vlc-2.2.6/debian/patches/series vlc-2.2.6/debian/patches/series
--- vlc-2.2.6/debian/patches/series 2017-06-18 06:50:51.000000000 -0500
+++ vlc-2.2.6/debian/patches/series 2017-07-10 01:32:02.000000000 -0500
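Review bot: The new condition in `vout_new_buffer()` (the src/input/decoder.c part of fix-CVE-2017-10699.patch) compares the buffer dimensions with `i_visible_width`/`i_visible_height` only, so it assumes the visible area starts at the buffer origin. `video_format_t` also carries `i_x_offset`/`i_y_offset`; if any decoder module fills them from stream data (not visible in this hunk), a visible rectangle could still extend past the allocated picture. Because the `||` chain has already rejected `i_width < i_visible_width` by that point, the test could be extended without unsigned wrap-around by adding `p_dec->fmt_out.video.i_x_offset > p_dec->fmt_out.video.i_width - p_dec->fmt_out.video.i_visible_width ||` and the equivalent line for the y axis. The comment `/* Can't create a new vout without display size */` also no longer describes everything the branch rejects and could read `/* No display size, or buffer smaller than the visible area */`. Both patched functions start and end outside the embedded hunks, so where these sizes are consumed cannot be confirmed from here, and the change would need to go upstream rather than into the Debian patch alone.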
@@ -8,3 +8,4 @@
 0008-desktop-file-We-understand-gvp-and-ram-format.patch
 0009-desktop-file-more-mimetypes-from-iana.org.patch
 0010-MKV-support-WebVTT-subtitles-embedded.patch
+fix-CVE-2017-10699.patch