diff --git a/srcpkgs/libvorbis/patches/CVE-2018-10393.patch b/srcpkgs/libvorbis/patches/CVE-2018-10393.patch
new file mode 100644
index 00000000000..9ad9d18f750
--- /dev/null
+++ b/srcpkgs/libvorbis/patches/CVE-2018-10393.patch
@@ -0,0 +1,58 @@
+From 98a60969315dba8c1e8231f561e1551670bc80ae Mon Sep 17 00:00:00 2001
+Message-Id: <98a60969315dba8c1e8231f561e1551670bc80ae.1511192857.git.agx@sigxcpu.org>
+From: =?UTF-8?q?Guido=20G=C3=BCnther?= <agx@sigxcpu.org>
+Date: Wed, 15 Nov 2017 13:12:00 +0100
+Subject: [PATCH] CVE-2017-14160: make sure we don't overflow
+
+---
+ lib/psy.c | 9 ++++-----
+ 1 file changed, 4 insertions(+), 5 deletions(-)
+
+diff --git a/lib/psy.c b/lib/psy.c
+index 422c6f1e..8bbf6cf3 100644
+--- a/lib/psy.c
++++ b/lib/psy.c
+@@ -599,7 +599,7 @@ static void bark_noise_hybridmp(int n,const long *b,
+     XY[i] = tXY;
+   }
+ 
+-  for (i = 0, x = 0.f;; i++, x += 1.f) {
++  for (i = 0, x = 0.f; i < n; i++, x += 1.f) {
+ 
+     lo = b[i] >> 16;
+     if( lo>=0 ) break;
+@@ -621,12 +621,11 @@ static void bark_noise_hybridmp(int n,const long *b,
+     noise[i] = R - offset;
+   }
+ 
+-  for ( ;; i++, x += 1.f) {
++  for ( ; i < n; i++, x += 1.f) {
+ 
+     lo = b[i] >> 16;
+     hi = b[i] & 0xffff;
+     if(hi>=n)break;
+-
+     tN = N[hi] - N[lo];
+     tX = X[hi] - X[lo];
+     tXX = XX[hi] - XX[lo];
+@@ -651,7 +650,7 @@ static void bark_noise_hybridmp(int n,const long *b,
+ 
+   if (fixed <= 0) return;
+ 
+-  for (i = 0, x = 0.f;; i++, x += 1.f) {
++  for (i = 0, x = 0.f; i < n; i++, x += 1.f) {
+     hi = i + fixed / 2;
+     lo = hi - fixed;
+     if(lo>=0)break;
+@@ -670,7 +669,7 @@ static void bark_noise_hybridmp(int n,const long *b,
+ 
+     if (R - offset < noise[i]) noise[i] = R - offset;
+   }
+-  for ( ;; i++, x += 1.f) {
++  for ( ; i < n; i++, x += 1.f) {
+ 
+     hi = i + fixed / 2;
+     lo = hi - fixed;
+-- 
+2.15.0
+
diff --git a/srcpkgs/libvorbis/template b/srcpkgs/libvorbis/template
index 01748ac8c72..a145e72a4fc 100644
--- a/srcpkgs/libvorbis/template
+++ b/srcpkgs/libvorbis/template
@@ -1,10 +1,10 @@
 # Template file for 'libvorbis'.
 pkgname=libvorbis
 version=1.3.6
-revision=2
+revision=3
 patch_args="-Np1"
 build_style=gnu-configure
-hostmakedepends="pkg-config"
+hostmakedepends="pkgconf"
 makedepends="libogg-devel"
 short_desc="The Vorbis General Audio Compression Codec"
 maintainer="Juan RP <xtraeme@voidlinux.eu>"