From 61c8c898a8436669b6097c597b659179846435fd Mon Sep 17 00:00:00 2001
From: Patrick J Volkerding <volkerdi@slackware.com>
Date: Thu, 26 Oct 2023 19:55:16 +0000
Subject: [PATCH] Thu Oct 26 19:55:16 UTC 2023

patches/packages/mozilla-thunderbird-115.4.1-x86_64-1_slack15.0.txz:  Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    https://www.mozilla.org/en-US/thunderbird/115.4.1/releasenotes/
    https://www.mozilla.org/en-US/security/advisories/mfsa2023-47/
    https://www.cve.org/CVERecord?id=CVE-2023-5721
    https://www.cve.org/CVERecord?id=CVE-2023-5732
    https://www.cve.org/CVERecord?id=CVE-2023-5724
    https://www.cve.org/CVERecord?id=CVE-2023-5725
    https://www.cve.org/CVERecord?id=CVE-2023-5726
    https://www.cve.org/CVERecord?id=CVE-2023-5727
    https://www.cve.org/CVERecord?id=CVE-2023-5728
    https://www.cve.org/CVERecord?id=CVE-2023-5730
  (* Security fix *)
patches/packages/xorg-server-1.20.14-x86_64-9_slack15.0.txz:  Rebuilt.
  This update fixes security issues:
  OOB write in XIChangeDeviceProperty/RRChangeOutputProperty.
  Use-after-free bug in DestroyWindow.
  For more information, see:
    https://lists.x.org/archives/xorg-announce/2023-October/003430.html
    https://www.cve.org/CVERecord?id=CVE-2023-5367
    https://www.cve.org/CVERecord?id=CVE-2023-5380
  (* Security fix *)
patches/packages/xorg-server-xephyr-1.20.14-x86_64-9_slack15.0.txz:  Rebuilt.
patches/packages/xorg-server-xnest-1.20.14-x86_64-9_slack15.0.txz:  Rebuilt.
patches/packages/xorg-server-xvfb-1.20.14-x86_64-9_slack15.0.txz:  Rebuilt.
patches/packages/xorg-server-xwayland-21.1.4-x86_64-8_slack15.0.txz:  Rebuilt.
  This update fixes a security issue:
  OOB write in XIChangeDeviceProperty/RRChangeOutputProperty.
  For more information, see:
    https://lists.x.org/archives/xorg-announce/2023-October/003430.html
    https://www.cve.org/CVERecord?id=CVE-2023-5367
  (* Security fix *)
---
 ChangeLog.rss                                 |  47 ++++++-
 ChangeLog.txt                                 |  35 ++++++
 FILELIST.TXT                                  | 119 +++++++++---------
 ...hunderbird-115.4.1-x86_64-1_slack15.0.txt} |   0
 ...org-server-1.20.14-x86_64-9_slack15.0.txt} |   0
 ...ver-xephyr-1.20.14-x86_64-9_slack15.0.txt} |   0
 ...rver-xnest-1.20.14-x86_64-9_slack15.0.txt} |   0
 ...erver-xvfb-1.20.14-x86_64-9_slack15.0.txt} |   0
 ...er-xwayland-21.1.4-x86_64-8_slack15.0.txt} |   0
 .../xorg-server-xwayland/CVE-2023-5367.patch  |  81 ++++++++++++
 .../xorg-server-xwayland.SlackBuild           |   7 +-
 patches/source/xorg-server/build/xorg-server  |   2 +-
 .../xorg-server/patch/xorg-server.patch       |   5 +
 .../patch/xorg-server/CVE-2023-5367.patch     |  81 ++++++++++++
 .../patch/xorg-server/CVE-2023-5380.patch     |  99 +++++++++++++++
 recompress.sh                                 |   3 +
 16 files changed, 416 insertions(+), 63 deletions(-)
 rename patches/packages/{mozilla-thunderbird-115.4.0-x86_64-1_slack15.0.txt => mozilla-thunderbird-115.4.1-x86_64-1_slack15.0.txt} (100%)
 rename patches/packages/{xorg-server-1.20.14-x86_64-8_slack15.0.txt => xorg-server-1.20.14-x86_64-9_slack15.0.txt} (100%)
 rename patches/packages/{xorg-server-xephyr-1.20.14-x86_64-8_slack15.0.txt => xorg-server-xephyr-1.20.14-x86_64-9_slack15.0.txt} (100%)
 rename patches/packages/{xorg-server-xnest-1.20.14-x86_64-8_slack15.0.txt => xorg-server-xnest-1.20.14-x86_64-9_slack15.0.txt} (100%)
 rename patches/packages/{xorg-server-xvfb-1.20.14-x86_64-8_slack15.0.txt => xorg-server-xvfb-1.20.14-x86_64-9_slack15.0.txt} (100%)
 rename patches/packages/{xorg-server-xwayland-21.1.4-x86_64-7_slack15.0.txt => xorg-server-xwayland-21.1.4-x86_64-8_slack15.0.txt} (100%)
 create mode 100644 patches/source/xorg-server-xwayland/CVE-2023-5367.patch
 create mode 100644 patches/source/xorg-server/patch/xorg-server/CVE-2023-5367.patch
 create mode 100644 patches/source/xorg-server/patch/xorg-server/CVE-2023-5380.patch

diff --git a/ChangeLog.rss b/ChangeLog.rss
index 720911119..5c967e9a0 100644
--- a/ChangeLog.rss
+++ b/ChangeLog.rss
@@ -11,9 +11,52 @@
       <description>Tracking Slackware development in git.</description>
       <language>en-us</language>
       <id xmlns="http://www.w3.org/2005/Atom">urn:uuid:c964f45e-6732-11e8-bbe5-107b4450212f</id>
-      <pubDate>Tue, 24 Oct 2023 22:26:20 GMT</pubDate>
-      <lastBuildDate>Wed, 25 Oct 2023 11:30:25 GMT</lastBuildDate>
+      <pubDate>Thu, 26 Oct 2023 19:55:16 GMT</pubDate>
+      <lastBuildDate>Fri, 27 Oct 2023 11:30:27 GMT</lastBuildDate>
       <generator>maintain_current_git.sh v 1.17</generator>
+      <item>
+         <title>Thu, 26 Oct 2023 19:55:16 GMT</title>
+         <pubDate>Thu, 26 Oct 2023 19:55:16 GMT</pubDate>
+         <link>https://git.slackware.nl/current/tag/?h=20231026195516</link>
+         <guid isPermaLink="false">20231026195516</guid>
+         <description>
+           <![CDATA[<pre>
+patches/packages/mozilla-thunderbird-115.4.1-x86_64-1_slack15.0.txz:  Upgraded.
+  This release contains security fixes and improvements.
+  For more information, see:
+    https://www.mozilla.org/en-US/thunderbird/115.4.1/releasenotes/
+    https://www.mozilla.org/en-US/security/advisories/mfsa2023-47/
+    https://www.cve.org/CVERecord?id=CVE-2023-5721
+    https://www.cve.org/CVERecord?id=CVE-2023-5732
+    https://www.cve.org/CVERecord?id=CVE-2023-5724
+    https://www.cve.org/CVERecord?id=CVE-2023-5725
+    https://www.cve.org/CVERecord?id=CVE-2023-5726
+    https://www.cve.org/CVERecord?id=CVE-2023-5727
+    https://www.cve.org/CVERecord?id=CVE-2023-5728
+    https://www.cve.org/CVERecord?id=CVE-2023-5730
+  (* Security fix *)
+patches/packages/xorg-server-1.20.14-x86_64-9_slack15.0.txz:  Rebuilt.
+  This update fixes security issues:
+  OOB write in XIChangeDeviceProperty/RRChangeOutputProperty.
+  Use-after-free bug in DestroyWindow.
+  For more information, see:
+    https://lists.x.org/archives/xorg-announce/2023-October/003430.html
+    https://www.cve.org/CVERecord?id=CVE-2023-5367
+    https://www.cve.org/CVERecord?id=CVE-2023-5380
+  (* Security fix *)
+patches/packages/xorg-server-xephyr-1.20.14-x86_64-9_slack15.0.txz:  Rebuilt.
+patches/packages/xorg-server-xnest-1.20.14-x86_64-9_slack15.0.txz:  Rebuilt.
+patches/packages/xorg-server-xvfb-1.20.14-x86_64-9_slack15.0.txz:  Rebuilt.
+patches/packages/xorg-server-xwayland-21.1.4-x86_64-8_slack15.0.txz:  Rebuilt.
+  This update fixes a security issue:
+  OOB write in XIChangeDeviceProperty/RRChangeOutputProperty.
+  For more information, see:
+    https://lists.x.org/archives/xorg-announce/2023-October/003430.html
+    https://www.cve.org/CVERecord?id=CVE-2023-5367
+  (* Security fix *)
+           </pre>]]>
+         </description>
+      </item>
       <item>
          <title>Tue, 24 Oct 2023 22:26:20 GMT</title>
          <pubDate>Tue, 24 Oct 2023 22:26:20 GMT</pubDate>
diff --git a/ChangeLog.txt b/ChangeLog.txt
index d896db0fe..bd8e96b7f 100644
--- a/ChangeLog.txt
+++ b/ChangeLog.txt
@@ -1,3 +1,38 @@
+Thu Oct 26 19:55:16 UTC 2023
+patches/packages/mozilla-thunderbird-115.4.1-x86_64-1_slack15.0.txz:  Upgraded.
+  This release contains security fixes and improvements.
+  For more information, see:
+    https://www.mozilla.org/en-US/thunderbird/115.4.1/releasenotes/
+    https://www.mozilla.org/en-US/security/advisories/mfsa2023-47/
+    https://www.cve.org/CVERecord?id=CVE-2023-5721
+    https://www.cve.org/CVERecord?id=CVE-2023-5732
+    https://www.cve.org/CVERecord?id=CVE-2023-5724
+    https://www.cve.org/CVERecord?id=CVE-2023-5725
+    https://www.cve.org/CVERecord?id=CVE-2023-5726
+    https://www.cve.org/CVERecord?id=CVE-2023-5727
+    https://www.cve.org/CVERecord?id=CVE-2023-5728
+    https://www.cve.org/CVERecord?id=CVE-2023-5730
+  (* Security fix *)
+patches/packages/xorg-server-1.20.14-x86_64-9_slack15.0.txz:  Rebuilt.
+  This update fixes security issues:
+  OOB write in XIChangeDeviceProperty/RRChangeOutputProperty.
+  Use-after-free bug in DestroyWindow.
+  For more information, see:
+    https://lists.x.org/archives/xorg-announce/2023-October/003430.html
+    https://www.cve.org/CVERecord?id=CVE-2023-5367
+    https://www.cve.org/CVERecord?id=CVE-2023-5380
+  (* Security fix *)
+patches/packages/xorg-server-xephyr-1.20.14-x86_64-9_slack15.0.txz:  Rebuilt.
+patches/packages/xorg-server-xnest-1.20.14-x86_64-9_slack15.0.txz:  Rebuilt.
+patches/packages/xorg-server-xvfb-1.20.14-x86_64-9_slack15.0.txz:  Rebuilt.
+patches/packages/xorg-server-xwayland-21.1.4-x86_64-8_slack15.0.txz:  Rebuilt.
+  This update fixes a security issue:
+  OOB write in XIChangeDeviceProperty/RRChangeOutputProperty.
+  For more information, see:
+    https://lists.x.org/archives/xorg-announce/2023-October/003430.html
+    https://www.cve.org/CVERecord?id=CVE-2023-5367
+  (* Security fix *)
++--------------------------+
 Tue Oct 24 22:26:20 UTC 2023
 patches/packages/mozilla-firefox-115.4.0esr-x86_64-1_slack15.0.txz:  Upgraded.
   This update contains security fixes and improvements.
diff --git a/FILELIST.TXT b/FILELIST.TXT
index a54bee96e..32ff8d622 100644
--- a/FILELIST.TXT
+++ b/FILELIST.TXT
@@ -1,20 +1,20 @@
-Tue Oct 24 22:30:36 UTC 2023
+Thu Oct 26 19:59:57 UTC 2023
 
 Here is the file list for this directory.  If you are using a 
 mirror site and find missing or extra files in the disk 
 subdirectories, please have the archive administrator refresh
 the mirror.
 
-drwxr-xr-x 12 root root      4096 2023-10-24 22:26 .
+drwxr-xr-x 12 root root      4096 2023-10-26 19:55 .
 -rw-r--r--  1 root root      5767 2022-02-02 22:44 ./ANNOUNCE.15.0
 -rw-r--r--  1 root root     16609 2022-03-30 19:03 ./CHANGES_AND_HINTS.TXT
--rw-r--r--  1 root root   1195123 2023-10-22 19:33 ./CHECKSUMS.md5
--rw-r--r--  1 root root       163 2023-10-22 19:33 ./CHECKSUMS.md5.asc
+-rw-r--r--  1 root root   1195123 2023-10-24 22:30 ./CHECKSUMS.md5
+-rw-r--r--  1 root root       163 2023-10-24 22:30 ./CHECKSUMS.md5.asc
 -rw-r--r--  1 root root     17976 1994-06-10 02:28 ./COPYING
 -rw-r--r--  1 root root     35147 2007-06-30 04:21 ./COPYING3
 -rw-r--r--  1 root root     19573 2016-06-23 20:08 ./COPYRIGHT.TXT
 -rw-r--r--  1 root root       616 2006-10-02 04:37 ./CRYPTO_NOTICE.TXT
--rw-r--r--  1 root root   2056133 2023-10-24 22:26 ./ChangeLog.txt
+-rw-r--r--  1 root root   2057937 2023-10-26 19:55 ./ChangeLog.txt
 drwxr-xr-x  3 root root      4096 2013-03-20 22:17 ./EFI
 drwxr-xr-x  2 root root      4096 2022-02-02 08:21 ./EFI/BOOT
 -rw-r--r--  1 root root   1187840 2021-06-15 19:16 ./EFI/BOOT/bootx64.efi
@@ -25,7 +25,7 @@ drwxr-xr-x  2 root root      4096 2022-02-02 08:21 ./EFI/BOOT
 -rwxr-xr-x  1 root root      2504 2019-07-05 18:54 ./EFI/BOOT/make-grub.sh
 -rw-r--r--  1 root root     10722 2013-09-21 19:02 ./EFI/BOOT/osdetect.cfg
 -rw-r--r--  1 root root      1273 2013-08-12 21:08 ./EFI/BOOT/tools.cfg
--rw-r--r--  1 root root   1562947 2023-10-22 19:33 ./FILELIST.TXT
+-rw-r--r--  1 root root   1562947 2023-10-24 22:30 ./FILELIST.TXT
 -rw-r--r--  1 root root      1572 2012-08-29 18:27 ./GPG-KEY
 -rw-r--r--  1 root root    864745 2022-02-02 08:25 ./PACKAGES.TXT
 -rw-r--r--  1 root root      8034 2022-02-02 03:36 ./README.TXT
@@ -752,13 +752,13 @@ drwxr-xr-x  2 root root      4096 2022-12-17 19:52 ./pasture/source/samba
 -rw-r--r--  1 root root      7921 2018-04-29 17:31 ./pasture/source/samba/smb.conf.default
 -rw-r--r--  1 root root      7933 2018-01-14 20:41 ./pasture/source/samba/smb.conf.default.orig
 -rw-r--r--  1 root root       536 2017-03-23 19:18 ./pasture/source/samba/smb.conf.diff.gz
-drwxr-xr-x  4 root root      4096 2023-10-24 22:30 ./patches
--rw-r--r--  1 root root     86255 2023-10-24 22:30 ./patches/CHECKSUMS.md5
--rw-r--r--  1 root root       163 2023-10-24 22:30 ./patches/CHECKSUMS.md5.asc
--rw-r--r--  1 root root    117784 2023-10-24 22:30 ./patches/FILE_LIST
--rw-r--r--  1 root root  13191172 2023-10-24 22:30 ./patches/MANIFEST.bz2
--rw-r--r--  1 root root     62618 2023-10-24 22:30 ./patches/PACKAGES.TXT
-drwxr-xr-x  3 root root     24576 2023-10-24 22:30 ./patches/packages
+drwxr-xr-x  4 root root      4096 2023-10-26 19:59 ./patches
+-rw-r--r--  1 root root     86534 2023-10-26 19:59 ./patches/CHECKSUMS.md5
+-rw-r--r--  1 root root       163 2023-10-26 19:59 ./patches/CHECKSUMS.md5.asc
+-rw-r--r--  1 root root    118114 2023-10-26 19:59 ./patches/FILE_LIST
+-rw-r--r--  1 root root  13195472 2023-10-26 19:59 ./patches/MANIFEST.bz2
+-rw-r--r--  1 root root     62618 2023-10-26 19:59 ./patches/PACKAGES.TXT
+drwxr-xr-x  3 root root     24576 2023-10-26 19:59 ./patches/packages
 -rw-r--r--  1 root root       360 2023-09-26 19:28 ./patches/packages/Cython-0.29.36-x86_64-1_slack15.0.txt
 -rw-r--r--  1 root root   2389564 2023-09-26 19:28 ./patches/packages/Cython-0.29.36-x86_64-1_slack15.0.txz
 -rw-r--r--  1 root root       163 2023-09-26 19:28 ./patches/packages/Cython-0.29.36-x86_64-1_slack15.0.txz.asc
@@ -928,9 +928,9 @@ drwxr-xr-x  2 root root      4096 2023-06-23 18:50 ./patches/packages/linux-5.15
 -rw-r--r--  1 root root       564 2023-01-06 19:37 ./patches/packages/mozilla-nss-3.87-x86_64-1_slack15.0.txt
 -rw-r--r--  1 root root   1838968 2023-01-06 19:37 ./patches/packages/mozilla-nss-3.87-x86_64-1_slack15.0.txz
 -rw-r--r--  1 root root       163 2023-01-06 19:37 ./patches/packages/mozilla-nss-3.87-x86_64-1_slack15.0.txz.asc
--rw-r--r--  1 root root       663 2023-10-24 18:41 ./patches/packages/mozilla-thunderbird-115.4.0-x86_64-1_slack15.0.txt
--rw-r--r--  1 root root  60734184 2023-10-24 18:41 ./patches/packages/mozilla-thunderbird-115.4.0-x86_64-1_slack15.0.txz
--rw-r--r--  1 root root       163 2023-10-24 18:41 ./patches/packages/mozilla-thunderbird-115.4.0-x86_64-1_slack15.0.txz.asc
+-rw-r--r--  1 root root       663 2023-10-26 03:29 ./patches/packages/mozilla-thunderbird-115.4.1-x86_64-1_slack15.0.txt
+-rw-r--r--  1 root root  60737480 2023-10-26 03:29 ./patches/packages/mozilla-thunderbird-115.4.1-x86_64-1_slack15.0.txz
+-rw-r--r--  1 root root       163 2023-10-26 03:29 ./patches/packages/mozilla-thunderbird-115.4.1-x86_64-1_slack15.0.txz.asc
 -rw-r--r--  1 root root       451 2022-07-21 17:53 ./patches/packages/net-snmp-5.9.3-x86_64-1_slack15.0.txt
 -rw-r--r--  1 root root   1598024 2022-07-21 17:53 ./patches/packages/net-snmp-5.9.3-x86_64-1_slack15.0.txz
 -rw-r--r--  1 root root       163 2022-07-21 17:53 ./patches/packages/net-snmp-5.9.3-x86_64-1_slack15.0.txz.asc
@@ -1033,21 +1033,21 @@ drwxr-xr-x  2 root root      4096 2023-06-23 18:50 ./patches/packages/linux-5.15
 -rw-r--r--  1 root root       377 2022-11-17 01:47 ./patches/packages/xfce4-settings-4.16.5-x86_64-1_slack15.0.txt
 -rw-r--r--  1 root root    801956 2022-11-17 01:47 ./patches/packages/xfce4-settings-4.16.5-x86_64-1_slack15.0.txz
 -rw-r--r--  1 root root       163 2022-11-17 01:47 ./patches/packages/xfce4-settings-4.16.5-x86_64-1_slack15.0.txz.asc
--rw-r--r--  1 root root       670 2023-03-29 18:44 ./patches/packages/xorg-server-1.20.14-x86_64-8_slack15.0.txt
--rw-r--r--  1 root root   1779708 2023-03-29 18:44 ./patches/packages/xorg-server-1.20.14-x86_64-8_slack15.0.txz
--rw-r--r--  1 root root       163 2023-03-29 18:44 ./patches/packages/xorg-server-1.20.14-x86_64-8_slack15.0.txz.asc
--rw-r--r--  1 root root       370 2023-03-29 18:44 ./patches/packages/xorg-server-xephyr-1.20.14-x86_64-8_slack15.0.txt
--rw-r--r--  1 root root    868684 2023-03-29 18:44 ./patches/packages/xorg-server-xephyr-1.20.14-x86_64-8_slack15.0.txz
--rw-r--r--  1 root root       163 2023-03-29 18:44 ./patches/packages/xorg-server-xephyr-1.20.14-x86_64-8_slack15.0.txz.asc
--rw-r--r--  1 root root       592 2023-03-29 18:44 ./patches/packages/xorg-server-xnest-1.20.14-x86_64-8_slack15.0.txt
--rw-r--r--  1 root root    605096 2023-03-29 18:44 ./patches/packages/xorg-server-xnest-1.20.14-x86_64-8_slack15.0.txz
--rw-r--r--  1 root root       163 2023-03-29 18:44 ./patches/packages/xorg-server-xnest-1.20.14-x86_64-8_slack15.0.txz.asc
--rw-r--r--  1 root root       689 2023-03-29 18:44 ./patches/packages/xorg-server-xvfb-1.20.14-x86_64-8_slack15.0.txt
--rw-r--r--  1 root root    731508 2023-03-29 18:44 ./patches/packages/xorg-server-xvfb-1.20.14-x86_64-8_slack15.0.txz
--rw-r--r--  1 root root       163 2023-03-29 18:44 ./patches/packages/xorg-server-xvfb-1.20.14-x86_64-8_slack15.0.txz.asc
--rw-r--r--  1 root root       816 2023-03-29 18:44 ./patches/packages/xorg-server-xwayland-21.1.4-x86_64-7_slack15.0.txt
--rw-r--r--  1 root root    816820 2023-03-29 18:44 ./patches/packages/xorg-server-xwayland-21.1.4-x86_64-7_slack15.0.txz
--rw-r--r--  1 root root       163 2023-03-29 18:44 ./patches/packages/xorg-server-xwayland-21.1.4-x86_64-7_slack15.0.txz.asc
+-rw-r--r--  1 root root       670 2023-10-25 18:43 ./patches/packages/xorg-server-1.20.14-x86_64-9_slack15.0.txt
+-rw-r--r--  1 root root   1779800 2023-10-25 18:43 ./patches/packages/xorg-server-1.20.14-x86_64-9_slack15.0.txz
+-rw-r--r--  1 root root       163 2023-10-25 18:43 ./patches/packages/xorg-server-1.20.14-x86_64-9_slack15.0.txz.asc
+-rw-r--r--  1 root root       370 2023-10-25 18:43 ./patches/packages/xorg-server-xephyr-1.20.14-x86_64-9_slack15.0.txt
+-rw-r--r--  1 root root    869132 2023-10-25 18:43 ./patches/packages/xorg-server-xephyr-1.20.14-x86_64-9_slack15.0.txz
+-rw-r--r--  1 root root       163 2023-10-25 18:43 ./patches/packages/xorg-server-xephyr-1.20.14-x86_64-9_slack15.0.txz.asc
+-rw-r--r--  1 root root       592 2023-10-25 18:43 ./patches/packages/xorg-server-xnest-1.20.14-x86_64-9_slack15.0.txt
+-rw-r--r--  1 root root    605108 2023-10-25 18:43 ./patches/packages/xorg-server-xnest-1.20.14-x86_64-9_slack15.0.txz
+-rw-r--r--  1 root root       163 2023-10-25 18:43 ./patches/packages/xorg-server-xnest-1.20.14-x86_64-9_slack15.0.txz.asc
+-rw-r--r--  1 root root       689 2023-10-25 18:43 ./patches/packages/xorg-server-xvfb-1.20.14-x86_64-9_slack15.0.txt
+-rw-r--r--  1 root root    731384 2023-10-25 18:43 ./patches/packages/xorg-server-xvfb-1.20.14-x86_64-9_slack15.0.txz
+-rw-r--r--  1 root root       163 2023-10-25 18:43 ./patches/packages/xorg-server-xvfb-1.20.14-x86_64-9_slack15.0.txz.asc
+-rw-r--r--  1 root root       816 2023-10-25 18:37 ./patches/packages/xorg-server-xwayland-21.1.4-x86_64-8_slack15.0.txt
+-rw-r--r--  1 root root    816792 2023-10-25 18:37 ./patches/packages/xorg-server-xwayland-21.1.4-x86_64-8_slack15.0.txz
+-rw-r--r--  1 root root       163 2023-10-25 18:37 ./patches/packages/xorg-server-xwayland-21.1.4-x86_64-8_slack15.0.txz.asc
 -rw-r--r--  1 root root       463 2023-03-05 20:29 ./patches/packages/xscreensaver-6.06-x86_64-1_slack15.0.txt
 -rw-r--r--  1 root root   9161204 2023-03-05 20:29 ./patches/packages/xscreensaver-6.06-x86_64-1_slack15.0.txz
 -rw-r--r--  1 root root       163 2023-03-05 20:29 ./patches/packages/xscreensaver-6.06-x86_64-1_slack15.0.txz.asc
@@ -1060,7 +1060,7 @@ drwxr-xr-x  2 root root      4096 2023-06-23 18:50 ./patches/packages/linux-5.15
 -rw-r--r--  1 root root       463 2023-04-05 18:16 ./patches/packages/zstd-1.5.5-x86_64-1_slack15.0.txt
 -rw-r--r--  1 root root    459652 2023-04-05 18:16 ./patches/packages/zstd-1.5.5-x86_64-1_slack15.0.txz
 -rw-r--r--  1 root root       163 2023-04-05 18:16 ./patches/packages/zstd-1.5.5-x86_64-1_slack15.0.txz.asc
-drwxr-xr-x 93 root root      4096 2023-10-24 22:02 ./patches/source
+drwxr-xr-x 93 root root      4096 2023-10-26 19:04 ./patches/source
 drwxr-xr-x  2 root root      4096 2023-09-26 19:22 ./patches/source/Cython
 -rw-r--r--  1 root root   1623580 2023-07-04 19:24 ./patches/source/Cython/Cython-0.29.36.tar.lz
 -rwxr-xr-x  1 root root      3041 2023-09-26 19:23 ./patches/source/Cython/Cython.SlackBuild
@@ -1530,7 +1530,7 @@ drwxr-xr-x  2 root root      4096 2023-01-06 19:30 ./patches/source/mozilla-nss
 -rw-r--r--  1 root root  37770371 2023-01-05 18:00 ./patches/source/mozilla-nss/nss-3.87.tar.lz
 -rw-r--r--  1 root root      2488 2012-04-29 21:05 ./patches/source/mozilla-nss/nss-config.in
 -rw-r--r--  1 root root      1023 2018-02-27 06:12 ./patches/source/mozilla-nss/slack-desc
-drwxr-xr-x  4 root root      4096 2023-10-24 17:43 ./patches/source/mozilla-thunderbird
+drwxr-xr-x  4 root root      4096 2023-10-26 02:43 ./patches/source/mozilla-thunderbird
 drwxr-xr-x  2 root root      4096 2016-07-03 18:05 ./patches/source/mozilla-thunderbird/autoconf
 -rw-r--r--  1 root root      5869 2016-07-03 18:04 ./patches/source/mozilla-thunderbird/autoconf/autoconf-2.13-consolidated_fixes-1.patch.gz
 -rw-r--r--  1 root root    300116 1999-01-15 21:03 ./patches/source/mozilla-thunderbird/autoconf/autoconf-2.13.tar.xz
@@ -1555,8 +1555,8 @@ drwxr-xr-x  2 root root      4096 2023-10-24 18:53 ./patches/source/mozilla-thun
 -rw-r--r--  1 root root      3378 2005-03-08 05:13 ./patches/source/mozilla-thunderbird/mozilla-thunderbird.desktop
 -rw-r--r--  1 root root      1130 2018-02-27 06:47 ./patches/source/mozilla-thunderbird/slack-desc
 -rw-r--r--  1 root root       330 2019-08-27 16:35 ./patches/source/mozilla-thunderbird/tb.ui.scrollToClick.diff.gz
--rw-r--r--  1 root root 531269876 2023-10-24 12:39 ./patches/source/mozilla-thunderbird/thunderbird-115.4.0.source.tar.xz
--rw-r--r--  1 root root       833 2023-10-24 12:39 ./patches/source/mozilla-thunderbird/thunderbird-115.4.0.source.tar.xz.asc
+-rw-r--r--  1 root root 537988108 2023-10-25 17:21 ./patches/source/mozilla-thunderbird/thunderbird-115.4.1.source.tar.xz
+-rw-r--r--  1 root root       833 2023-10-25 17:21 ./patches/source/mozilla-thunderbird/thunderbird-115.4.1.source.tar.xz.asc
 drwxr-xr-x  2 root root      4096 2022-07-21 17:44 ./patches/source/net-snmp
 -rw-r--r--  1 root root       356 2021-12-21 18:38 ./patches/source/net-snmp/doinst.sh.gz
 -rw-r--r--  1 root root       607 2018-07-20 09:39 ./patches/source/net-snmp/net-snmp-5.7.2-cert-path.patch.gz
@@ -1935,7 +1935,7 @@ drwxr-xr-x  2 root root      4096 2022-11-16 19:13 ./patches/source/xfce4-settin
 -rw-r--r--  1 root root        83 2022-11-09 20:26 ./patches/source/xfce4-settings/xfce4-settings.url
 -rw-r--r--  1 root root       543 2012-07-19 19:32 ./patches/source/xfce4-settings/xfce4-settings.xft.defaults.diff.gz
 drwxr-xr-x 10 root root      4096 2022-07-12 20:19 ./patches/source/xorg-server
-drwxr-xr-x  2 root root      4096 2023-03-29 18:18 ./patches/source/xorg-server-xwayland
+drwxr-xr-x  2 root root      4096 2023-10-25 18:36 ./patches/source/xorg-server-xwayland
 -rw-r--r--  1 root root      1175 2022-07-12 17:02 ./patches/source/xorg-server-xwayland/0001-f1070c01d616c5f21f939d5ebc533738779451ac.patch.gz
 -rw-r--r--  1 root root      2243 2022-07-12 17:03 ./patches/source/xorg-server-xwayland/0002-dd8caf39e9e15d8f302e54045dd08d8ebf1025dc.patch.gz
 -rw-r--r--  1 root root      1923 2022-07-12 17:03 ./patches/source/xorg-server-xwayland/0003-6907b6ea2b4ce949cb07271f5b678d5966d9df42.patch.gz
@@ -1951,13 +1951,14 @@ drwxr-xr-x  2 root root      4096 2023-03-29 18:18 ./patches/source/xorg-server-
 -rw-r--r--  1 root root      1049 2022-12-14 19:23 ./patches/source/xorg-server-xwayland/CVE-2022-46344.patch.gz
 -rw-r--r--  1 root root       605 2023-02-07 19:33 ./patches/source/xorg-server-xwayland/CVE-2023-0494.patch.gz
 -rw-r--r--  1 root root       792 2023-03-29 18:09 ./patches/source/xorg-server-xwayland/CVE-2023-1393.patch.gz
+-rw-r--r--  1 root root      1127 2023-10-25 18:35 ./patches/source/xorg-server-xwayland/CVE-2023-5367.patch.gz
 -rw-r--r--  1 root root      1287 2021-04-18 18:21 ./patches/source/xorg-server-xwayland/slack-desc
--rwxr-xr-x  1 root root      6481 2023-03-29 18:18 ./patches/source/xorg-server-xwayland/xorg-server-xwayland.SlackBuild
+-rwxr-xr-x  1 root root      6585 2023-10-25 18:37 ./patches/source/xorg-server-xwayland/xorg-server-xwayland.SlackBuild
 -rw-r--r--  1 root root   1261712 2021-12-14 14:01 ./patches/source/xorg-server-xwayland/xwayland-21.1.4.tar.xz
 -rw-r--r--  1 root root        95 2021-12-14 14:01 ./patches/source/xorg-server-xwayland/xwayland-21.1.4.tar.xz.sig
 -rw-r--r--  1 root root       376 2021-01-16 18:58 ./patches/source/xorg-server/arch.use.flags
 drwxr-xr-x  2 root root      4096 2013-04-18 22:42 ./patches/source/xorg-server/build
--rw-r--r--  1 root root        12 2023-03-29 18:14 ./patches/source/xorg-server/build/xorg-server
+-rw-r--r--  1 root root        12 2023-10-25 18:41 ./patches/source/xorg-server/build/xorg-server
 drwxr-xr-x  2 root root      4096 2022-07-12 19:51 ./patches/source/xorg-server/configure
 -rw-r--r--  1 root root      3140 2021-12-26 22:45 ./patches/source/xorg-server/configure/xorg-server
 drwxr-xr-x  2 root root      4096 2013-04-18 22:43 ./patches/source/xorg-server/doinst.sh
@@ -1967,8 +1968,8 @@ drwxr-xr-x  2 root root      4096 2022-07-12 19:52 ./patches/source/xorg-server/
 -rw-r--r--  1 root root      1189 2018-05-03 12:16 ./patches/source/xorg-server/noarch
 -rw-r--r--  1 root root       833 2019-12-09 18:56 ./patches/source/xorg-server/package-blacklist
 drwxr-xr-x  3 root root      4096 2023-02-07 20:15 ./patches/source/xorg-server/patch
-drwxr-xr-x  2 root root      4096 2023-03-29 18:15 ./patches/source/xorg-server/patch/xorg-server
--rw-r--r--  1 root root      4885 2023-03-29 18:15 ./patches/source/xorg-server/patch/xorg-server.patch
+drwxr-xr-x  2 root root      4096 2023-10-25 18:40 ./patches/source/xorg-server/patch/xorg-server
+-rw-r--r--  1 root root      5193 2023-10-25 18:41 ./patches/source/xorg-server/patch/xorg-server.patch
 -rw-r--r--  1 root root       623 2018-07-15 18:32 ./patches/source/xorg-server/patch/xorg-server/0001-Always-install-vbe-and-int10-sdk-headers.patch.gz
 -rw-r--r--  1 root root      3846 2018-07-15 18:32 ./patches/source/xorg-server/patch/xorg-server/0001-autobind-GPUs-to-the-screen.patch.gz
 -rw-r--r--  1 root root      1175 2022-07-12 17:02 ./patches/source/xorg-server/patch/xorg-server/0001-f1070c01d616c5f21f939d5ebc533738779451ac.patch.gz
@@ -1989,6 +1990,8 @@ drwxr-xr-x  2 root root      4096 2023-03-29 18:15 ./patches/source/xorg-server/
 -rw-r--r--  1 root root      1049 2022-12-14 19:23 ./patches/source/xorg-server/patch/xorg-server/CVE-2022-46344.patch.gz
 -rw-r--r--  1 root root       605 2023-02-07 19:33 ./patches/source/xorg-server/patch/xorg-server/CVE-2023-0494.patch.gz
 -rw-r--r--  1 root root       792 2023-03-29 18:09 ./patches/source/xorg-server/patch/xorg-server/CVE-2023-1393.patch.gz
+-rw-r--r--  1 root root      1127 2023-10-25 18:35 ./patches/source/xorg-server/patch/xorg-server/CVE-2023-5367.patch.gz
+-rw-r--r--  1 root root      1534 2023-10-25 18:40 ./patches/source/xorg-server/patch/xorg-server/CVE-2023-5380.patch.gz
 -rw-r--r--  1 root root       298 2018-05-30 05:02 ./patches/source/xorg-server/patch/xorg-server/fix-nouveau-segfault.diff.gz
 -rw-r--r--  1 root root       357 2020-09-11 18:38 ./patches/source/xorg-server/patch/xorg-server/fix-pci-segfault.diff.gz
 -rw-r--r--  1 root root       340 2012-04-14 03:01 ./patches/source/xorg-server/patch/xorg-server/x11.startwithblackscreen.diff.gz
@@ -2742,10 +2745,10 @@ drwxr-xr-x  2 root root     16384 2022-02-02 08:24 ./slackware64/d
 -rw-r--r--  1 root root   9905788 2021-08-25 18:28 ./slackware64/d/gcc-gfortran-11.2.0-x86_64-2.txz
 -rw-r--r--  1 root root       163 2021-08-25 18:28 ./slackware64/d/gcc-gfortran-11.2.0-x86_64-2.txz.asc
 -rw-r--r--  1 root root       414 2021-08-25 18:28 ./slackware64/d/gcc-gnat-11.2.0-x86_64-2.txt
--rw-r--r--  1 root root  17424960 2021-08-25 18:28 ./slackware64/d/gcc-gnat-11.2.0-x86_64-2.txz
--rw-r--r--  1 root root       163 2021-08-25 18:28 ./slackware64/d/gcc-gnat-11.2.0-x86_64-2.txz.asc
--rw-r--r--  1 root root       572 2021-08-25 18:29 ./slackware64/d/gcc-go-11.2.0-x86_64-2.txt
--rw-r--r--  1 root root  15856348 2021-08-25 18:29 ./slackware64/d/gcc-go-11.2.0-x86_64-2.txz
+-rw-r--r-- 1 root root  17424960 2021-08-25 18:28 ./slackware64/d/gcc-gnat-11.2.0-x86_64-2.txz
+-rw-r--r-- 1 root root       163 2021-08-25 18:28 ./slackware64/d/gcc-gnat-11.2.0-x86_64-2.txz.asc
+-rw-r--r-- 1 root root       572 2021-08-25 18:29 ./slackware64/d/gcc-go-11.2.0-x86_64-2.txt
+-rw-r--r-- 1 root root  15856348 2021-08-25 18:29 ./slackware64/d/gcc-go-11.2.0-x86_64-2.txz
 -rw-r--r-- 1 root root       163 2021-08-25 18:29 ./slackware64/d/gcc-go-11.2.0-x86_64-2.txz.asc
 -rw-r--r-- 1 root root       489 2021-08-25 18:28 ./slackware64/d/gcc-objc-11.2.0-x86_64-2.txt
 -rw-r--r-- 1 root root  11604124 2021-08-25 18:28 ./slackware64/d/gcc-objc-11.2.0-x86_64-2.txz
@@ -5475,10 +5478,10 @@ drwxr-xr-x 2 root root     32768 2022-02-01 04:47 ./slackware64/n
 -rw-r--r-- 1 root root       322 2021-06-15 18:38 ./slackware64/n/nfs-utils-2.5.4-x86_64-1.txt
 -rw-r--r-- 1 root root    383188 2021-06-15 18:38 ./slackware64/n/nfs-utils-2.5.4-x86_64-1.txz
 -rw-r--r-- 1 root root       163 2021-06-15 18:38 ./slackware64/n/nfs-utils-2.5.4-x86_64-1.txz.asc
--rw-r--r-- 1 root root       535 2021-11-19 20:47 ./slackware64/n/nftables-1.0.1-x86_64-1.txt
--rw-r--r-- 1 root root    328396 2021-11-19 20:47 ./slackware64/n/nftables-1.0.1-x86_64-1.txz
--rw-r--r-- 1 root root       163 2021-11-19 20:47 ./slackware64/n/nftables-1.0.1-x86_64-1.txz.asc
--rw-r--r-- 1 root root       297 2021-10-19 16:48 ./slackware64/n/nghttp2-1.46.0-x86_64-1.txt
+-rw-r--r--   1 root root      535 2021-11-19 20:47 ./slackware64/n/nftables-1.0.1-x86_64-1.txt
+-rw-r--r--   1 root root   328396 2021-11-19 20:47 ./slackware64/n/nftables-1.0.1-x86_64-1.txz
+-rw-r--r--   1 root root      163 2021-11-19 20:47 ./slackware64/n/nftables-1.0.1-x86_64-1.txz.asc
+-rw-r--r--   1 root root      297 2021-10-19 16:48 ./slackware64/n/nghttp2-1.46.0-x86_64-1.txt
 -rw-r--r--   1 root root   106148 2021-10-19 16:48 ./slackware64/n/nghttp2-1.46.0-x86_64-1.txz
 -rw-r--r--   1 root root      163 2021-10-19 16:48 ./slackware64/n/nghttp2-1.46.0-x86_64-1.txz.asc
 -rw-r--r--   1 root root      649 2021-08-08 18:51 ./slackware64/n/nmap-7.92-x86_64-1.txt
@@ -8554,11 +8557,11 @@ drwxr-xr-x   2 root root     4096 2022-01-02 01:00 ./source/ap/usbmuxd
 -rw-r--r--   1 root root      182 2015-04-18 18:30 ./source/ap/usbmuxd/doinst.sh.gz
 -rwxr-xr-x   1 root root     2022 2020-07-09 18:37 ./source/ap/usbmuxd/fetch-usbmuxd.sh
 -rw-r--r--   1 root root      735 2018-02-27 06:13 ./source/ap/usbmuxd/slack-desc
--rw-r--r--   1 root root    53008 2021-09-25 01:29 ./source/ap/usbmuxd/usbmuxd-20210925_e3a3180.tar.xz
--rwxr-xr-x   1 root root     4256 2022-01-02 01:00 ./source/ap/usbmuxd/usbmuxd.SlackBuild
-drwxr-xr-x   2 root root     4096 2021-02-13 05:31 ./source/ap/vbetool
--rw-r--r--   1 root root      830 2018-02-27 06:12 ./source/ap/vbetool/slack-desc
--rw-r--r--   1 root root    24915 2015-12-20 20:37 ./source/ap/vbetool/vbetool-1.2.2.tar.gz
+-rw-r--r--   1 root root     53008 2021-09-25 01:29 ./source/ap/usbmuxd/usbmuxd-20210925_e3a3180.tar.xz
+-rwxr-xr-x   1 root root      4256 2022-01-02 01:00 ./source/ap/usbmuxd/usbmuxd.SlackBuild
+drwxr-xr-x   2 root root      4096 2021-02-13 05:31 ./source/ap/vbetool
+-rw-r--r--   1 root root       830 2018-02-27 06:12 ./source/ap/vbetool/slack-desc
+-rw-r--r--   1 root root     24915 2015-12-20 20:37 ./source/ap/vbetool/vbetool-1.2.2.tar.gz
 -rwxr-xr-x   1 root root      3202 2021-02-13 05:31 ./source/ap/vbetool/vbetool.SlackBuild
 -rw-r--r--   1 root root       129 2008-11-24 18:23 ./source/ap/vbetool/vbetool.info
 drwxr-xr-x   2 root root      4096 2022-01-29 19:09 ./source/ap/vim
@@ -15059,11 +15062,11 @@ drwxr-xr-x   2 root root      4096 2009-08-01 05:00 ./source/x/x11/doinst.sh
 -rw-r--r--   1 root root       283 2018-06-05 22:11 ./source/x/x11/doinst.sh/font-cronyx-cyrillic
 -rw-r--r--   1 root root       341 2018-06-05 22:11 ./source/x/x11/doinst.sh/font-cursor-misc
 -rw-r--r--   1 root root       341 2018-06-05 22:11 ./source/x/x11/doinst.sh/font-daewoo-misc
--rw-r--r--   1 root root       341 2018-06-05 22:12 ./source/x/x11/doinst.sh/font-dec-misc
--rw-r--r--   1 root root       277 2018-06-05 22:12 ./source/x/x11/doinst.sh/font-ibm-type1
--rw-r--r--   1 root root       341 2018-06-05 22:12 ./source/x/x11/doinst.sh/font-isas-misc
--rw-r--r--   1 root root       341 2018-06-05 22:13 ./source/x/x11/doinst.sh/font-jis-misc
--rw-r--r--   1 root root       341 2018-06-05 22:13 ./source/x/x11/doinst.sh/font-micro-misc
+-rw-r--r--  1 root root       341 2018-06-05 22:12 ./source/x/x11/doinst.sh/font-dec-misc
+-rw-r--r--  1 root root       277 2018-06-05 22:12 ./source/x/x11/doinst.sh/font-ibm-type1
+-rw-r--r--  1 root root       341 2018-06-05 22:12 ./source/x/x11/doinst.sh/font-isas-misc
+-rw-r--r--  1 root root       341 2018-06-05 22:13 ./source/x/x11/doinst.sh/font-jis-misc
+-rw-r--r--  1 root root       341 2018-06-05 22:13 ./source/x/x11/doinst.sh/font-micro-misc
 -rw-r--r--  1 root root       283 2018-06-05 22:13 ./source/x/x11/doinst.sh/font-misc-cyrillic
 -rw-r--r--  1 root root       365 2018-06-05 22:14 ./source/x/x11/doinst.sh/font-misc-ethiopic
 -rw-r--r--  1 root root       273 2018-06-05 22:14 ./source/x/x11/doinst.sh/font-misc-meltho
diff --git a/patches/packages/mozilla-thunderbird-115.4.0-x86_64-1_slack15.0.txt b/patches/packages/mozilla-thunderbird-115.4.1-x86_64-1_slack15.0.txt
similarity index 100%
rename from patches/packages/mozilla-thunderbird-115.4.0-x86_64-1_slack15.0.txt
rename to patches/packages/mozilla-thunderbird-115.4.1-x86_64-1_slack15.0.txt
diff --git a/patches/packages/xorg-server-1.20.14-x86_64-8_slack15.0.txt b/patches/packages/xorg-server-1.20.14-x86_64-9_slack15.0.txt
similarity index 100%
rename from patches/packages/xorg-server-1.20.14-x86_64-8_slack15.0.txt
rename to patches/packages/xorg-server-1.20.14-x86_64-9_slack15.0.txt
diff --git a/patches/packages/xorg-server-xephyr-1.20.14-x86_64-8_slack15.0.txt b/patches/packages/xorg-server-xephyr-1.20.14-x86_64-9_slack15.0.txt
similarity index 100%
rename from patches/packages/xorg-server-xephyr-1.20.14-x86_64-8_slack15.0.txt
rename to patches/packages/xorg-server-xephyr-1.20.14-x86_64-9_slack15.0.txt
diff --git a/patches/packages/xorg-server-xnest-1.20.14-x86_64-8_slack15.0.txt b/patches/packages/xorg-server-xnest-1.20.14-x86_64-9_slack15.0.txt
similarity index 100%
rename from patches/packages/xorg-server-xnest-1.20.14-x86_64-8_slack15.0.txt
rename to patches/packages/xorg-server-xnest-1.20.14-x86_64-9_slack15.0.txt
diff --git a/patches/packages/xorg-server-xvfb-1.20.14-x86_64-8_slack15.0.txt b/patches/packages/xorg-server-xvfb-1.20.14-x86_64-9_slack15.0.txt
similarity index 100%
rename from patches/packages/xorg-server-xvfb-1.20.14-x86_64-8_slack15.0.txt
rename to patches/packages/xorg-server-xvfb-1.20.14-x86_64-9_slack15.0.txt
diff --git a/patches/packages/xorg-server-xwayland-21.1.4-x86_64-7_slack15.0.txt b/patches/packages/xorg-server-xwayland-21.1.4-x86_64-8_slack15.0.txt
similarity index 100%
rename from patches/packages/xorg-server-xwayland-21.1.4-x86_64-7_slack15.0.txt
rename to patches/packages/xorg-server-xwayland-21.1.4-x86_64-8_slack15.0.txt
diff --git a/patches/source/xorg-server-xwayland/CVE-2023-5367.patch b/patches/source/xorg-server-xwayland/CVE-2023-5367.patch
new file mode 100644
index 000000000..aef25e917
--- /dev/null
+++ b/patches/source/xorg-server-xwayland/CVE-2023-5367.patch
@@ -0,0 +1,81 @@
+From 541ab2ecd41d4d8689e71855d93e492bc554719a Mon Sep 17 00:00:00 2001
+From: Peter Hutterer <peter.hutterer@who-t.net>
+Date: Tue, 3 Oct 2023 11:53:05 +1000
+Subject: [PATCH] Xi/randr: fix handling of PropModeAppend/Prepend
+
+The handling of appending/prepending properties was incorrect, with at
+least two bugs: the property length was set to the length of the new
+part only, i.e. appending or prepending N elements to a property with P
+existing elements always resulted in the property having N elements
+instead of N + P.
+
+Second, when pre-pending a value to a property, the offset for the old
+values was incorrect, leaving the new property with potentially
+uninitalized values and/or resulting in OOB memory writes.
+For example, prepending a 3 element value to a 5 element property would
+result in this 8 value array:
+  [N, N, N, ?, ?, P, P, P ] P, P
+                            ^OOB write
+
+The XI2 code is a copy/paste of the RandR code, so the bug exists in
+both.
+
+CVE-2023-5367, ZDI-CAN-22153
+
+This vulnerability was discovered by:
+Jan-Niklas Sohn working with Trend Micro Zero Day Initiative
+
+Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
+---
+ Xi/xiproperty.c    | 4 ++--
+ randr/rrproperty.c | 4 ++--
+ 2 files changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/Xi/xiproperty.c b/Xi/xiproperty.c
+index 066ba21fba..d315f04d0e 100644
+--- a/Xi/xiproperty.c
++++ b/Xi/xiproperty.c
+@@ -730,7 +730,7 @@ XIChangeDeviceProperty(DeviceIntPtr dev, Atom property, Atom type,
+                 XIDestroyDeviceProperty(prop);
+             return BadAlloc;
+         }
+-        new_value.size = len;
++        new_value.size = total_len;
+         new_value.type = type;
+         new_value.format = format;
+ 
+@@ -747,7 +747,7 @@ XIChangeDeviceProperty(DeviceIntPtr dev, Atom property, Atom type,
+         case PropModePrepend:
+             new_data = new_value.data;
+             old_data = (void *) (((char *) new_value.data) +
+-                                  (prop_value->size * size_in_bytes));
++                                  (len * size_in_bytes));
+             break;
+         }
+         if (new_data)
+diff --git a/randr/rrproperty.c b/randr/rrproperty.c
+index c2fb9585c6..25469f57b2 100644
+--- a/randr/rrproperty.c
++++ b/randr/rrproperty.c
+@@ -209,7 +209,7 @@ RRChangeOutputProperty(RROutputPtr output, Atom property, Atom type,
+                 RRDestroyOutputProperty(prop);
+             return BadAlloc;
+         }
+-        new_value.size = len;
++        new_value.size = total_len;
+         new_value.type = type;
+         new_value.format = format;
+ 
+@@ -226,7 +226,7 @@ RRChangeOutputProperty(RROutputPtr output, Atom property, Atom type,
+         case PropModePrepend:
+             new_data = new_value.data;
+             old_data = (void *) (((char *) new_value.data) +
+-                                  (prop_value->size * size_in_bytes));
++                                  (len * size_in_bytes));
+             break;
+         }
+         if (new_data)
+-- 
+GitLab
+
+
diff --git a/patches/source/xorg-server-xwayland/xorg-server-xwayland.SlackBuild b/patches/source/xorg-server-xwayland/xorg-server-xwayland.SlackBuild
index 7d7d88d20..16b56263b 100755
--- a/patches/source/xorg-server-xwayland/xorg-server-xwayland.SlackBuild
+++ b/patches/source/xorg-server-xwayland/xorg-server-xwayland.SlackBuild
@@ -1,6 +1,6 @@
 #!/bin/bash
 
-# Copyright 2016, 2018, 2019  Patrick J. Volkerding, Sebeka, MN, USA
+# Copyright 2016, 2018, 2019, 2023  Patrick J. Volkerding, Sebeka, MN, USA
 # All rights reserved.
 #
 # Redistribution and use of this script, with or without modification, is
@@ -25,7 +25,7 @@ cd $(dirname $0) ; CWD=$(pwd)
 PKGNAM=xorg-server-xwayland
 SRCNAM=xwayland
 VERSION=${VERSION:-$(echo $SRCNAM-*.tar.?z | rev | cut -f 3- -d . | cut -f 1 -d - | rev)}
-BUILD=${BUILD:-7_slack15.0}
+BUILD=${BUILD:-8_slack15.0}
 
 # Default font paths to be used by the X server:
 DEF_FONTPATH="/usr/share/fonts/misc,/usr/share/fonts/local,/usr/share/fonts/TTF,/usr/share/fonts/OTF,/usr/share/fonts/Type1,/usr/share/fonts/CID,/usr/share/fonts/75dpi/:unscaled,/usr/share/fonts/100dpi/:unscaled,/usr/share/fonts/75dpi,/usr/share/fonts/100dpi,/usr/share/fonts/cyrillic"
@@ -110,6 +110,9 @@ zcat $CWD/CVE-2023-1393.patch.gz | patch -p1 --verbose || exit 1
 # This prevents a crash with recent NVIDIA drivers.
 zcat $CWD/857.patch.gz | patch -p1 --verbose || exit 1
 
+# Patch another security issue:
+zcat $CWD/CVE-2023-5367.patch.gz | patch -p1 --verbose || exit 1
+
 # Configure, build, and install:
 export CFLAGS="$SLKCFLAGS"
 export CXXFLAGS="$SLKCFLAGS"
diff --git a/patches/source/xorg-server/build/xorg-server b/patches/source/xorg-server/build/xorg-server
index 05965f95a..7970fef66 100644
--- a/patches/source/xorg-server/build/xorg-server
+++ b/patches/source/xorg-server/build/xorg-server
@@ -1 +1 @@
-8_slack15.0
+9_slack15.0
diff --git a/patches/source/xorg-server/patch/xorg-server.patch b/patches/source/xorg-server/patch/xorg-server.patch
index e95f8b86f..a9dc46a2f 100644
--- a/patches/source/xorg-server/patch/xorg-server.patch
+++ b/patches/source/xorg-server/patch/xorg-server.patch
@@ -59,3 +59,8 @@ zcat $CWD/patch/xorg-server/857.patch.gz | patch -p1 --verbose || { touch ${SLAC
 
 # Patch another security issue:
 zcat $CWD/patch/xorg-server/CVE-2023-1393.patch.gz | patch -p1 --verbose || { touch ${SLACK_X_BUILD_DIR}/${PKGNAME}.failed ; continue ; }
+
+# Patch more security issues:
+zcat $CWD/patch/xorg-server/CVE-2023-5367.patch.gz | patch -p1 --verbose || { touch ${SLACK_X_BUILD_DIR}/${PKGNAME}.failed ; continue ; }
+zcat $CWD/patch/xorg-server/CVE-2023-5380.patch.gz | patch -p1 --verbose || { touch ${SLACK_X_BUILD_DIR}/${PKGNAME}.failed ; continue ; }
+
diff --git a/patches/source/xorg-server/patch/xorg-server/CVE-2023-5367.patch b/patches/source/xorg-server/patch/xorg-server/CVE-2023-5367.patch
new file mode 100644
index 000000000..aef25e917
--- /dev/null
+++ b/patches/source/xorg-server/patch/xorg-server/CVE-2023-5367.patch
@@ -0,0 +1,81 @@
+From 541ab2ecd41d4d8689e71855d93e492bc554719a Mon Sep 17 00:00:00 2001
+From: Peter Hutterer <peter.hutterer@who-t.net>
+Date: Tue, 3 Oct 2023 11:53:05 +1000
+Subject: [PATCH] Xi/randr: fix handling of PropModeAppend/Prepend
+
+The handling of appending/prepending properties was incorrect, with at
+least two bugs: the property length was set to the length of the new
+part only, i.e. appending or prepending N elements to a property with P
+existing elements always resulted in the property having N elements
+instead of N + P.
+
+Second, when pre-pending a value to a property, the offset for the old
+values was incorrect, leaving the new property with potentially
+uninitalized values and/or resulting in OOB memory writes.
+For example, prepending a 3 element value to a 5 element property would
+result in this 8 value array:
+  [N, N, N, ?, ?, P, P, P ] P, P
+                            ^OOB write
+
+The XI2 code is a copy/paste of the RandR code, so the bug exists in
+both.
+
+CVE-2023-5367, ZDI-CAN-22153
+
+This vulnerability was discovered by:
+Jan-Niklas Sohn working with Trend Micro Zero Day Initiative
+
+Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
+---
+ Xi/xiproperty.c    | 4 ++--
+ randr/rrproperty.c | 4 ++--
+ 2 files changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/Xi/xiproperty.c b/Xi/xiproperty.c
+index 066ba21fba..d315f04d0e 100644
+--- a/Xi/xiproperty.c
++++ b/Xi/xiproperty.c
+@@ -730,7 +730,7 @@ XIChangeDeviceProperty(DeviceIntPtr dev, Atom property, Atom type,
+                 XIDestroyDeviceProperty(prop);
+             return BadAlloc;
+         }
+-        new_value.size = len;
++        new_value.size = total_len;
+         new_value.type = type;
+         new_value.format = format;
+ 
+@@ -747,7 +747,7 @@ XIChangeDeviceProperty(DeviceIntPtr dev, Atom property, Atom type,
+         case PropModePrepend:
+             new_data = new_value.data;
+             old_data = (void *) (((char *) new_value.data) +
+-                                  (prop_value->size * size_in_bytes));
++                                  (len * size_in_bytes));
+             break;
+         }
+         if (new_data)
+diff --git a/randr/rrproperty.c b/randr/rrproperty.c
+index c2fb9585c6..25469f57b2 100644
+--- a/randr/rrproperty.c
++++ b/randr/rrproperty.c
+@@ -209,7 +209,7 @@ RRChangeOutputProperty(RROutputPtr output, Atom property, Atom type,
+                 RRDestroyOutputProperty(prop);
+             return BadAlloc;
+         }
+-        new_value.size = len;
++        new_value.size = total_len;
+         new_value.type = type;
+         new_value.format = format;
+ 
+@@ -226,7 +226,7 @@ RRChangeOutputProperty(RROutputPtr output, Atom property, Atom type,
+         case PropModePrepend:
+             new_data = new_value.data;
+             old_data = (void *) (((char *) new_value.data) +
+-                                  (prop_value->size * size_in_bytes));
++                                  (len * size_in_bytes));
+             break;
+         }
+         if (new_data)
+-- 
+GitLab
+
+
diff --git a/patches/source/xorg-server/patch/xorg-server/CVE-2023-5380.patch b/patches/source/xorg-server/patch/xorg-server/CVE-2023-5380.patch
new file mode 100644
index 000000000..a358076dc
--- /dev/null
+++ b/patches/source/xorg-server/patch/xorg-server/CVE-2023-5380.patch
@@ -0,0 +1,99 @@
+From 564ccf2ce9616620456102727acb8b0256b7bbd7 Mon Sep 17 00:00:00 2001
+From: Peter Hutterer <peter.hutterer@who-t.net>
+Date: Thu, 5 Oct 2023 12:19:45 +1000
+Subject: [PATCH] mi: reset the PointerWindows reference on screen switch
+
+PointerWindows[] keeps a reference to the last window our sprite
+entered - changes are usually handled by CheckMotion().
+
+If we switch between screens via XWarpPointer our
+dev->spriteInfo->sprite->win is set to the new screen's root window.
+If there's another window at the cursor location CheckMotion() will
+trigger the right enter/leave events later. If there is not, it skips
+that process and we never trigger LeaveWindow() - PointerWindows[] for
+the device still refers to the previous window.
+
+If that window is destroyed we have a dangling reference that will
+eventually cause a use-after-free bug when checking the window hierarchy
+later.
+
+To trigger this, we require:
+- two protocol screens
+- XWarpPointer to the other screen's root window
+- XDestroyWindow before entering any other window
+
+This is a niche bug so we hack around it by making sure we reset the
+PointerWindows[] entry so we cannot have a dangling pointer. This
+doesn't handle Enter/Leave events correctly but the previous code didn't
+either.
+
+CVE-2023-5380, ZDI-CAN-21608
+
+This vulnerability was discovered by:
+Sri working with Trend Micro Zero Day Initiative
+
+Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
+Reviewed-by: Adam Jackson <ajax@redhat.com>
+---
+ dix/enterleave.h   |  2 --
+ include/eventstr.h |  3 +++
+ mi/mipointer.c     | 17 +++++++++++++++--
+ 3 files changed, 18 insertions(+), 4 deletions(-)
+
+diff --git a/dix/enterleave.h b/dix/enterleave.h
+index 4b833d8a3b..e8af924c68 100644
+--- a/dix/enterleave.h
++++ b/dix/enterleave.h
+@@ -58,8 +58,6 @@ extern void DeviceFocusEvent(DeviceIntPtr dev,
+ 
+ extern void EnterWindow(DeviceIntPtr dev, WindowPtr win, int mode);
+ 
+-extern void LeaveWindow(DeviceIntPtr dev);
+-
+ extern void CoreFocusEvent(DeviceIntPtr kbd,
+                            int type, int mode, int detail, WindowPtr pWin);
+ 
+diff --git a/include/eventstr.h b/include/eventstr.h
+index 93308f9b24..a9926eaeef 100644
+--- a/include/eventstr.h
++++ b/include/eventstr.h
+@@ -335,4 +335,7 @@ union _InternalEvent {
+     GestureEvent gesture_event;
+ };
+ 
++extern void
++LeaveWindow(DeviceIntPtr dev);
++
+ #endif
+diff --git a/mi/mipointer.c b/mi/mipointer.c
+index a638f25d4a..8cf0035140 100644
+--- a/mi/mipointer.c
++++ b/mi/mipointer.c
+@@ -397,8 +397,21 @@ miPointerWarpCursor(DeviceIntPtr pDev, ScreenPtr pScreen, int x, int y)
+ #ifdef PANORAMIX
+         && noPanoramiXExtension
+ #endif
+-        )
+-        UpdateSpriteForScreen(pDev, pScreen);
++        ) {
++            DeviceIntPtr master = GetMaster(pDev, MASTER_POINTER);
++            /* Hack for CVE-2023-5380: if we're moving
++             * screens PointerWindows[] keeps referring to the
++             * old window. If that gets destroyed we have a UAF
++             * bug later. Only happens when jumping from a window
++             * to the root window on the other screen.
++             * Enter/Leave events are incorrect for that case but
++             * too niche to fix.
++             */
++            LeaveWindow(pDev);
++            if (master)
++                LeaveWindow(master);
++            UpdateSpriteForScreen(pDev, pScreen);
++    }
+ }
+ 
+ /**
+-- 
+GitLab
+
+B
diff --git a/recompress.sh b/recompress.sh
index 4ce190d7b..e810e0a25 100755
--- a/recompress.sh
+++ b/recompress.sh
@@ -1198,6 +1198,7 @@ gzip ./patches/source/xorg-server-xwayland/CVE-2022-46341.patch
 gzip ./patches/source/xorg-server-xwayland/0002-dd8caf39e9e15d8f302e54045dd08d8ebf1025dc.patch
 gzip ./patches/source/xorg-server-xwayland/CVE-2022-3550.patch
 gzip ./patches/source/xorg-server-xwayland/0001-f1070c01d616c5f21f939d5ebc533738779451ac.patch
+gzip ./patches/source/xorg-server-xwayland/CVE-2023-5367.patch
 gzip ./patches/source/seamonkey/autoconf/autoconf-2.13-consolidated_fixes-1.patch
 gzip ./patches/source/seamonkey/doinst.sh
 gzip ./patches/source/seamonkey/double_t.x86.diff
@@ -1240,6 +1241,7 @@ gzip ./patches/source/sdl/libsdl-1.2.15-resizing.patch
 gzip ./patches/source/emacs/d48bb4874bc6cd3e69c7a15fc3c91cc141025c51.patch
 gzip ./patches/source/emacs/doinst.sh
 gzip ./patches/source/xorg-server/patch/xorg-server/CVE-2022-46342.patch
+gzip ./patches/source/xorg-server/patch/xorg-server/CVE-2023-5380.patch
 gzip ./patches/source/xorg-server/patch/xorg-server/CVE-2022-46343.patch
 gzip ./patches/source/xorg-server/patch/xorg-server/xorg-server.combo.mouse.keyboard.layout.patch
 gzip ./patches/source/xorg-server/patch/xorg-server/CVE-2022-3553.patch
@@ -1263,6 +1265,7 @@ gzip ./patches/source/xorg-server/patch/xorg-server/CVE-2022-3550.patch
 gzip ./patches/source/xorg-server/patch/xorg-server/06_use-intel-only-on-pre-gen4.diff
 gzip ./patches/source/xorg-server/patch/xorg-server/0001-Always-install-vbe-and-int10-sdk-headers.patch
 gzip ./patches/source/xorg-server/patch/xorg-server/0001-f1070c01d616c5f21f939d5ebc533738779451ac.patch
+gzip ./patches/source/xorg-server/patch/xorg-server/CVE-2023-5367.patch
 gzip ./patches/source/zstd/zstd.dont.link.pzstd.to.static.libzstd.a.diff
 gzip ./patches/source/ksh93/doinst.sh
 gzip ./patches/source/xscreensaver/setuid.c