diff --git a/Formula/libquicktime.rb b/Formula/libquicktime.rb
index 877dc22722..996e7a84f7 100644
--- a/Formula/libquicktime.rb
+++ b/Formula/libquicktime.rb
@@ -22,9 +22,9 @@ class Libquicktime < Formula
   # Also, fixes from upstream for CVE-2017-9122 through CVE-2017-9128, applied
   # by Debian since 30 Jun 2017.
   patch do
-    url "https://mirrors.ocf.berkeley.edu/debian/pool/main/libq/libquicktime/libquicktime_1.2.4-11.debian.tar.xz"
-    mirror "https://mirrorservice.org/sites/ftp.debian.org/debian/pool/main/libq/libquicktime/libquicktime_1.2.4-11.debian.tar.xz"
-    sha256 "3f655fdab37fcad2d2e7d20672ff8bad6eec64a9d5a7dc702c79082346ba878b"
+    url "https://mirrors.ocf.berkeley.edu/debian/pool/main/libq/libquicktime/libquicktime_1.2.4-12.debian.tar.xz"
+    mirror "https://mirrorservice.org/sites/ftp.debian.org/debian/pool/main/libq/libquicktime/libquicktime_1.2.4-12.debian.tar.xz"
+    sha256 "e5b5fa3ec8391b92554d04528568d04ea9eb5145835e0c246eac7961c891a91a"
     apply "patches/CVE-2016-2399.patch"
     apply "patches/CVE-2017-9122_et_al.patch"
   end