- CVE-2014-8091 denial of service due to unchecked malloc in client
  authentication (#1168680)
- CVE-2014-8092 integer overflow in X11 core protocol requests when
  calculating memory needs for requests (#1168684)
- CVE-2014-8097 out of bounds access due to not validating length or offset
  values in DBE extension (#1168705)
- CVE-2014-8095 out of bounds access due to not validating length or offset
  values in XInput extension (#1168694)
- CVE-2014-8096 out of bounds access due to not validating length or offset
  values in XC-MISC extension(#1168700)
- CVE-2014-8099 out of bounds access due to not validating length or offset
  values in XVideo extension (#1168710)
- CVE-2014-8100 out of bounds access due to not validating length or offset
  values in Render extension (#1168711)
- CVE-2014-8102 out of bounds access due to not validating length or offset
  values in XFixes extension (#1168714)
- CVE-2014-8101 out of bounds access due to not validating length or offset
  values in RandR extension (#1168713)
- CVE-2014-8093 xorg-x11-server: integer overflow in GLX extension requests
  when calculating memory needs for requests (#1168688)
- CVE-2014-8098 xorg-x11-server: out of bounds access due to not validating
  length or offset values in GLX extension (#1168707)

- xserver-1.1.1-randr-config-timestamps.patch: Backport timestamp comparison
  fix from upstream RANDR code (#1006076)

- CVE-2013-6424: Fix OOB in trapezoid rasterization

- CVE-2013-4396: Fix use-after free in ImageText requests (#1014561)

- xserver-1.1.1-more-regen-leaks.patch: Fix a crash on exit in XKB (#960950)

- xserver-1.1.1-more-regen-leaks.patch: Cope with root cursor refcounting
  being differently broken in different DDXes. (#498357)

- fix prgn leak patch to use REGION_DESTROY

- xserver-1.1.1-randr-select-input-endian.patch: Fix byteswapping of
  RRSelectInput. (#794810)

- cve-2011-4028.patch: File existence disclosure vulnerability.

- cve-2011-4818.patch: Multiple input sanitization flaws in Render and GLX
- xorg-x11-server-1.1.0-mesa-copy-sub-buffer.patch: Likewise.

- Fix cursor confined to one screen issue (#694728)
- Fix mouse stuck on left edge (#529717)

- xserver-1.1.1-dbe-validate-gc.patch: Validate DBE GCs against both
  buffers (#626328)

- xserver-1.1.1-mod-macro-parens.patch: Fix insufficient parentheses in
  Render and arc computation code. (#495733)

- xserver-1.1.1-no-randr-while-off-vt.patch: Also for RANDR 1.2 (#496108)

- fix randr overlapping screens issue (#537759)

- Rebuild against new proto-devel (#439797)

- randr-source-compat.patch - backport fixes from upstream (#466987)
- xserver-1.1.1-fb24-32-fix.patch + xserver-1.1.1-ia64-memops.patch:
- Altix fixes to make nautilus + s-c-d work. (#468015)