- CVE-2014-8091 denial of service due to unchecked malloc in client
  authentication (#1168680)
- CVE-2014-8092 integer overflow in X11 core protocol requests when
  calculating memory needs for requests (#1168684)
- CVE-2014-8097 out of bounds access due to not validating length or offset
  values in DBE extension (#1168705)
- CVE-2014-8095 out of bounds access due to not validating length or offset
  values in XInput extension (#1168694)
- CVE-2014-8096 out of bounds access due to not validating length or offset
  values in XC-MISC extension(#1168700)
- CVE-2014-8099 out of bounds access due to not validating length or offset
  values in XVideo extension (#1168710)
- CVE-2014-8100 out of bounds access due to not validating length or offset
  values in Render extension (#1168711)
- CVE-2014-8102 out of bounds access due to not validating length or offset
  values in XFixes extension (#1168714)
- CVE-2014-8101 out of bounds access due to not validating length or offset
  values in RandR extension (#1168713)
- CVE-2014-8093 xorg-x11-server: integer overflow in GLX extension requests
  when calculating memory needs for requests (#1168688)
- CVE-2014-8098 xorg-x11-server: out of bounds access due to not validating
  length or offset values in GLX extension (#1168707)

- CVE-2013-6424: Fix OOB in trapezoid rasterization

- CVE-2013-4396: Fix use-after free in ImageText requests (#1014561)

- cve-2011-4028.patch: File existence disclosure vulnerability.

- cve-2011-4818.patch: Multiple input sanitization flaws in Render and GLX
- xorg-x11-server-1.1.0-mesa-copy-sub-buffer.patch: Likewise.

- xserver-1.1.1-mod-macro-parens.patch: Fix insufficient parentheses in
  Render and arc computation code. (#495733)