diff --git a/srcpkgs/libvorbis/patches/CVE-2017-14632.patch b/srcpkgs/libvorbis/patches/CVE-2017-14632.patch
new file mode 100644
index 00000000000..33cd45bcaf8
--- /dev/null
+++ b/srcpkgs/libvorbis/patches/CVE-2017-14632.patch
@@ -0,0 +1,10 @@
+--- lib/info.c
++++ lib/info.c
+@@ -584,6 +584,7 @@ int vorbis_analysis_headerout(vorbis_dsp
+   private_state *b=v->backend_state;
+ 
+   if(!b||vi->channels<=0){
++    b = NULL;
+     ret=OV_EFAULT;
+     goto err_out;
+   }
diff --git a/srcpkgs/libvorbis/patches/CVE-2017-14633.patch b/srcpkgs/libvorbis/patches/CVE-2017-14633.patch
new file mode 100644
index 00000000000..548b1262848
--- /dev/null
+++ b/srcpkgs/libvorbis/patches/CVE-2017-14633.patch
@@ -0,0 +1,11 @@
+--- lib/info.c
++++ lib/info.c
+@@ -583,7 +583,7 @@ int vorbis_analysis_headerout(vorbis_dsp
+   oggpack_buffer opb;
+   private_state *b=v->backend_state;
+ 
+-  if(!b||vi->channels<=0){
++  if(!b||vi->channels<=0||vi->channels>256){
+     b = NULL;
+     ret=OV_EFAULT;
+     goto err_out;
diff --git a/srcpkgs/libvorbis/patches/autogen_skip_configure.patch b/srcpkgs/libvorbis/patches/autogen_skip_configure.patch
new file mode 100644
index 00000000000..3f2ecc134b3
--- /dev/null
+++ b/srcpkgs/libvorbis/patches/autogen_skip_configure.patch
@@ -0,0 +1,9 @@
+--- autogen.sh.orig	2013-03-21 17:21:18.281013739 +0100
++++ autogen.sh	2013-03-21 17:21:23.960040231 +0100
+@@ -124,6 +124,3 @@ echo "  $AUTOMAKE --add-missing $AUTOMAK
+ $AUTOMAKE --add-missing $AUTOMAKE_FLAGS || exit 1
+ echo "  autoconf"
+ autoconf || exit 1
+-
+-cd $olddir
+-$srcdir/configure --enable-maintainer-mode "$@" && echo
diff --git a/srcpkgs/libvorbis/template b/srcpkgs/libvorbis/template
index 471d587bc75..bb376333e4d 100644
--- a/srcpkgs/libvorbis/template
+++ b/srcpkgs/libvorbis/template
@@ -1,16 +1,16 @@
 # Template file for 'libvorbis'.
 pkgname=libvorbis
-version=1.3.6
-revision=1
+version=1.3.5
+revision=2
 build_style=gnu-configure
 hostmakedepends="automake libtool pkg-config"
 makedepends="libogg-devel"
 short_desc="The Vorbis General Audio Compression Codec"
 maintainer="Juan RP <xtraeme@voidlinux.eu>"
-license="3-clause-BSD"
+license="BSD"
 homepage="http://www.xiph.org/vorbis/"
 distfiles="http://downloads.xiph.org/releases/vorbis/${pkgname}-${version}.tar.gz"
-checksum=6ed40e0241089a42c48604dc00e362beee00036af2d8b3f46338031c9e0351cb
+checksum=6efbcecdd3e5dfbf090341b485da9d176eb250d893e3eb378c428a2db38301ce
 
 pre_configure() {
 	autoreconf -fi -I m4