diff --git a/graphics/openjpeg/Makefile b/graphics/openjpeg/Makefile index ba33287da41..4788f3d49b9 100644 --- a/graphics/openjpeg/Makefile +++ b/graphics/openjpeg/Makefile @@ -1,9 +1,9 @@ -# $OpenBSD: Makefile,v 1.10 2012/07/16 12:54:33 ajacoutot Exp $ +# $OpenBSD: Makefile,v 1.11 2012/09/17 12:31:35 jasper Exp $ COMMENT= open-source JPEG 2000 codec library DISTNAME= openjpeg-1.5.0 -REVISION= 2 +REVISION= 3 SHARED_LIBS += openjpeg 5.0 # 6.0 diff --git a/graphics/openjpeg/patches/patch-libopenjpeg_j2k_c b/graphics/openjpeg/patches/patch-libopenjpeg_j2k_c index 39159f40d2a..3df0bfc874c 100644 --- a/graphics/openjpeg/patches/patch-libopenjpeg_j2k_c +++ b/graphics/openjpeg/patches/patch-libopenjpeg_j2k_c 
@@ -1,10 +1,25 @@ -$OpenBSD: patch-libopenjpeg_j2k_c,v 1.2 2012/07/11 08:46:46 jasper Exp $ +$OpenBSD: patch-libopenjpeg_j2k_c,v 1.3 2012/09/17 12:31:35 jasper Exp $ http://code.google.com/p/openjpeg/source/detail?r=1727 (CVE-2012-3358) +http://code.google.com/p/openjpeg/source/detail?r=1919 (CVE-2012-3535) ---- libopenjpeg/j2k.c.orig Wed Jul 11 10:17:02 2012 -+++ libopenjpeg/j2k.c Wed Jul 11 10:19:48 2012 -@@ -1269,7 +1269,7 @@ static void j2k_read_sot(opj_j2k_t *j2k) { +--- libopenjpeg/j2k.c.orig Tue Feb 7 11:49:55 2012 ++++ libopenjpeg/j2k.c Mon Sep 17 13:56:12 2012 +@@ -685,6 +685,13 @@ static void j2k_read_cox(opj_j2k_t *j2k, int compno) { + j2k->state |= J2K_STATE_ERR; + } + ++ if( tccp->numresolutions > J2K_MAXRLVLS ) { ++ opj_event_msg(j2k->cinfo, EVT_ERROR, "Error decoding component %d.\nThe number of resolutions is too big: %d vs max= %d. Truncating.\n\n", ++ compno, tccp->numresolutions, J2K_MAXRLVLS); ++ j2k->state |= J2K_STATE_ERR; ++ tccp->numresolutions = J2K_MAXRLVLS; ++ } ++ + tccp->cblkw = cio_read(cio, 1) + 2; /* SPcox (E) */ + tccp->cblkh = cio_read(cio, 1) + 2; /* SPcox (F) */ + tccp->cblksty = cio_read(cio, 1); /* SPcox (G) */ +@@ -1269,7 +1276,7 @@ static void j2k_read_sot(opj_j2k_t *j2k) { static int backup_tileno = 0; /* tileno is negative or larger than the number of tiles!!! */ @@ -13,7 +28,7 @@ http://code.google.com/p/openjpeg/source/detail?r=1727 (CVE-2012-3358) opj_event_msg(j2k->cinfo, EVT_ERROR, "JPWL: bad tile number (%d out of a maximum of %d)\n", tileno, (cp->tw * cp->th)); -@@ -1286,8 +1286,18 @@ static void j2k_read_sot(opj_j2k_t *j2k) { +@@ -1286,8 +1293,18 @@ static void j2k_read_sot(opj_j2k_t *j2k) { /* keep your private count of tiles */ backup_tileno++;
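Review bot: The new `tccp->numresolutions > J2K_MAXRLVLS` guard in j2k_read_cox sets `J2K_STATE_ERR` and clamps the value, but then falls through to the `cblkw`/`cblkh`/`cblksty` reads instead of returning. Memory safety therefore rests on the clamp alone, plus on callers honouring the error state, which this hunk does not show. Because `numresolutions` is presumably parsed from the codestream like the SPcox fields below it, I would add a comment above the check stating what the bound protects, for example `/* numresolutions comes from the codestream; clamp so per-resolution indexing stays within J2K_MAXRLVLS (CVE-2012-3535) */`. The per-resolution arrays are not visible here, so that wording should be confirmed against the tccp definition. j2k_read_cox starts and ends outside the hunk.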