diff -u openjpeg-1.3+dfsg/debian/changelog openjpeg-1.3+dfsg/debian/changelog
--- openjpeg-1.3+dfsg/debian/changelog
+++ openjpeg-1.3+dfsg/debian/changelog
@@ -1,3 +1,11 @@
+openjpeg (1.3+dfsg-4.4) unstable; urgency=high
+
+  * Non-maintainer upload by the Security Team.
+  * Fix cve-2012-3358: buffer overflow in JPEG2000 image file handling
+    (closes: #681075).
+
+ -- Michael Gilbert <mgilbert@debian.org>  Wed, 11 Jul 2012 15:52:34 -0400
+
 openjpeg (1.3+dfsg-4.3) unstable; urgency=low
 
   * Non-maintainer upload with permission of the maintainer.
diff -u openjpeg-1.3+dfsg/debian/patches/00list openjpeg-1.3+dfsg/debian/patches/00list
--- openjpeg-1.3+dfsg/debian/patches/00list
+++ openjpeg-1.3+dfsg/debian/patches/00list
@@ -4,0 +5 @@
+cve-2012-3358.dpatch
only in patch2:
unchanged:
--- openjpeg-1.3+dfsg.orig/debian/patches/cve-2012-3358.dpatch
+++ openjpeg-1.3+dfsg/debian/patches/cve-2012-3358.dpatch
@@ -0,0 +1,60 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## cve-2012-3358.dpatch by Michael Gilbert <mgilbert@debian.org>
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: fix buffer overflow in JPEG2000 file handling.
+## DP: https://bugzilla.redhat.com/show_bug.cgi?id=835767
+
+@DPATCH@
+diff -urNad '--exclude=CVS' '--exclude=.svn' '--exclude=.git' '--exclude=.arch' '--exclude=.hg' '--exclude=_darcs' '--exclude=.bzr' openjpeg-1.3+dfsg~/libopenjpeg/j2k.c openjpeg-1.3+dfsg/libopenjpeg/j2k.c
+--- openjpeg-1.3+dfsg~/libopenjpeg/j2k.c	2012-07-11 16:04:38.000000000 -0400
++++ openjpeg-1.3+dfsg/libopenjpeg/j2k.c	2012-07-11 16:06:07.000000000 -0400
+@@ -1282,7 +1282,7 @@
+ 		static int backup_tileno = 0;
+ 
+ 		/* tileno is negative or larger than the number of tiles!!! */
+-		if ((tileno < 0) || (tileno > (cp->tw * cp->th))) {
++		if ((tileno < 0) || (tileno >= (cp->tw * cp->th))) {
+ 			opj_event_msg(j2k->cinfo, EVT_ERROR,
+ 				"JPWL: bad tile number (%d out of a maximum of %d)\n",
+ 				tileno, (cp->tw * cp->th));
+@@ -1299,8 +1299,18 @@
+ 
+ 		/* keep your private count of tiles */
+ 		backup_tileno++;
+-	};
++	}
++	else
+ #endif /* USE_JPWL */
++	{
++		/* tileno is negative or larger than the number of tiles!!! */
++		if ((tileno < 0) || (tileno >= (cp->tw * cp->th))) {
++			opj_event_msg(j2k->cinfo, EVT_ERROR,
++				"JPWL: bad tile number (%d out of a maximum of %d)\n",
++				tileno, (cp->tw * cp->th));
++			return;
++		}
++	}
+ 	
+ 	if (cp->tileno_size == 0) {
+ 		cp->tileno[cp->tileno_size] = tileno;
+@@ -1338,8 +1348,18 @@
+ 				totlen);
+ 		}
+ 
+-	};
++	}
++	else
+ #endif /* USE_JPWL */
++	{
++		/* totlen is negative or larger than the bytes left!!! */
++		if ((totlen < 0) || (totlen > (cio_numbytesleft(cio) + 8))) {
++			opj_event_msg(j2k->cinfo, EVT_ERROR,
++				"JPWL: bad tile byte size (%d bytes against %d bytes left)\n",
++				totlen, cio_numbytesleft(cio) + 8);
++			return;
++		}
++	}
+ 
+ 	if (!totlen)
+ 		totlen = cio_numbytesleft(cio) + 8;
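Review bot: The two `else` blocks added to j2k.c for the non-JPWL path (the `tileno` check in the `-1299` hunk and the `totlen` check in the `-1338` hunk) reject bad values with a bare `return;`, so the failure is reported only through `opj_event_msg`. The enclosing function starts and ends outside these hunks, so it is worth confirming that the caller stops decoding after this return instead of reading the next marker with stale tile state. The `totlen` check is an upper bound only: a small nonzero `totlen` still passes, and whether later code copes with a tile-part length shorter than the marker segment already consumed is not visible here, so a lower bound next to `(totlen < 0)` should be considered. The tile bound is the signed product `cp->tw * cp->th`, presumably derived from file-supplied dimensions; unless those are range-checked where they are parsed, the product can overflow and the comparison no longer protects the `cp->tileno[...]` write. The new blocks also keep the `JPWL:` prefix although they run when JPWL correction is off or not compiled in; `"bad tile number (%d out of a maximum of %d)\n"` without the prefix would keep logs from pointing at the wrong feature.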
