diff --git a/srcpkgs/mupdf/patches/patch-thirdparty_mujs_jsdate.c b/srcpkgs/mupdf/patches/patch-thirdparty_mujs_jsdate.c
new file mode 100644
index 00000000000..bb83c94204b
--- /dev/null
+++ b/srcpkgs/mupdf/patches/patch-thirdparty_mujs_jsdate.c
@@ -0,0 +1,27 @@
+$NetBSD: patch-thirdparty_mujs_jsdate.c,v 1.1 2017/01/30 14:06:05 leot Exp $
+
+Backport a fix from upstream for CVE-2017-5628:
+
+Fix 697496: Check NAN before accessing array in MakeDay().
+
+--- thirdparty/mujs/jsdate.c.orig
++++ thirdparty/mujs/jsdate.c
+@@ -207,12 +207,17 @@ static double MakeDay(double y, double m, double date)
+ };
+
+ double yd, md;
++ int im;
+
+ y += floor(m / 12);
+ m = pmod(m, 12);
+
++ im = (int)m;
++ if (im < 0 || im >= 12)
++ return NAN;
++
+ yd = floor(TimeFromYear(y) / msPerDay);
+- md = firstDayOfMonth[InLeapYear(y)][(int)m];
++ md = firstDayOfMonth[InLeapYear(y)][im];
+
+ return yd + md + date - 1;
+ }
diff --git a/srcpkgs/mupdf/patches/patch-thirdparty_mujs_jsrun.c b/srcpkgs/mupdf/patches/patch-thirdparty_mujs_jsrun.c
new file mode 100644
index 00000000000..3feecf477b2
--- /dev/null
+++ b/srcpkgs/mupdf/patches/patch-thirdparty_mujs_jsrun.c
@@ -0,0 +1,21 @@
+$NetBSD: patch-thirdparty_mujs_jsrun.c,v 1.1 2017/01/30 14:06:05 leot Exp $
+
+Backport a fix from upstream for CVE-2017-5627:
+
+Fix 697497: Ensure array length is positive.
+
+As a side effect when changing to using regular integers (and avoid the
+nightmare of mixing signed and unsigned) we accidentally allowed negative
+array lengths.
+
+--- thirdparty/mujs/jsrun.c.orig
++++ thirdparty/mujs/jsrun.c
+@@ -544,7 +544,7 @@ static void jsR_setproperty(js_State *J, js_Object *obj, const char *name)
+ if (!strcmp(name, "length")) {
+ double rawlen = jsV_tonumber(J, value);
+ int newlen = jsV_numbertointeger(rawlen);
+- if (newlen != rawlen)
++ if (newlen != rawlen || newlen < 0)
+ js_rangeerror(J, "array length");
+ jsV_resizearray(J, obj, newlen);
+ return;
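Review bot: In the backported MakeDay() change (patch-thirdparty_mujs_jsdate.c), `im = (int)m;` runs before any check, and converting a NaN or out-of-range double to int is undefined behaviour in C, so the `im < 0 || im >= 12` test depends on what the platform happens to produce for that conversion. Testing the double first keeps the guard well-defined: `if (!(m >= 0 && m < 12)) return NAN;` followed by `im = (int)m;`. This would diverge from the upstream fix being backported, so it is probably best raised upstream and noted in the patch header if carried locally. MakeDay()'s body begins outside the inner hunk, and whether `InLeapYear(y)` yields a valid first index when `y` is NaN is not visible here.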
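Review bot: The header of patch-thirdparty_mujs_jsrun.c (and likewise patch-thirdparty_mujs_jsdate.c) names the CVE and the upstream bug number but not the upstream commit the change was taken from, which makes it harder to confirm that the backport matches upstream and to know when the patch can be dropped on the next mupdf update. Consider adding a line such as `Upstream commit: <UPSTREAM_COMMIT_ID>` to each header. On the code itself, the added `newlen < 0` test supplies only a lower bound; whether `jsV_resizearray` copes with very large positive lengths cannot be judged from this hunk, since jsR_setproperty's body and that helper lie outside it.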
diff --git a/srcpkgs/mupdf/template b/srcpkgs/mupdf/template index 6614451ab93..1c8146ae11c 100644 --- a/srcpkgs/mupdf/template +++ b/srcpkgs/mupdf/template @@ -1,7 +1,7 @@ # Template file for 'mupdf' pkgname=mupdf version=1.10a -revision=1 +revision=2 wrksrc="${pkgname}-${version}-source" hostmakedepends="pkg-config zlib-devel libcurl-devel freetype-devel libjpeg-turbo-devel jbig2dec-devel libXext-devel libXcursor-devel