FreeBSD: VID-9e2fdfc7-e237-4393-9fa5-2d50908c66b3 (CVE-2023-5367): xorg-server -- Multiple vulnerabilities

Severity: 7
CVSS: (AV:L/AC:L/Au:S/C:C/I:C/A:C)
Published: Oct 25, 2023
Added: Oct 26, 2023
Modified: Dec 10, 2025

Description

The X.Org project reports:

ZDI-CAN-22153/CVE-2023-5367: X.Org server: OOB write in XIChangeDeviceProperty/RRChangeOutputProperty

When prepending values to an existing property an invalid offset calculation causes the existing values to be appended at the wrong offset. The resulting memcpy() would write into memory outside the heap-allocated array.

ZDI-CAN-21608/CVE-2023-5380: Use-after-free bug in DestroyWindow

This vulnerability requires a legacy multi-screen setup with multiple protocol screens ("Zaphod"). If the pointer is warped from one screen to the root window of the other screen, the enter/leave code may retain a reference to the previous pointer window. Destroying this window leaves that reference in place, other windows may then trigger a use-after-free bug when they are destroyed.
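The prepend case described for CVE-2023-5367, as a simplified model added here for illustration; it is not X.Org source code. All function names are hypothetical, and the wrong offset is assumed to be the existing value count rather than the prepended count. The model only computes how far the copy would reach, next to a bounds-checked prepend.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Bytes past the end of an (old_len + new_len) * elem allocation that a copy
 * of the existing values would reach if placed at byte offset `off`. */
static size_t overrun(size_t off, size_t old_len, size_t new_len, size_t elem)
{
    size_t alloc = (old_len + new_len) * elem;
    size_t end = off + old_len * elem;
    return end > alloc ? end - alloc : 0;
}

/* Modelled flaw (assumption): existing values placed at old_len elements. */
size_t overrun_wrong_offset(size_t old_len, size_t new_len, size_t elem)
{
    return overrun(old_len * elem, old_len, new_len, elem);
}

/* Correct placement: existing values start right after the prepended ones. */
size_t overrun_right_offset(size_t old_len, size_t new_len, size_t elem)
{
    return overrun(new_len * elem, old_len, new_len, elem);
}

/* Bounds-checked prepend: returns a new buffer holding `add` followed by
 * `old`, or NULL on size overflow or allocation failure. Caller frees. */
void *prepend_values(const void *old, size_t old_len, const void *add,
                     size_t new_len, size_t elem, size_t *out_len)
{
    if (elem == 0 || new_len > SIZE_MAX - old_len ||
        old_len + new_len > SIZE_MAX / elem)
        return NULL;                      /* length arithmetic would wrap */
    size_t total = old_len + new_len;
    unsigned char *buf = malloc(total ? total * elem : 1);
    if (buf == NULL)
        return NULL;
    if (new_len)
        memcpy(buf, add, new_len * elem);                   /* new values first */
    if (old_len)
        memcpy(buf + new_len * elem, old, old_len * elem);  /* then existing */
    *out_len = total;
    return buf;
}
```

In this model the wrong offset overruns the allocation whenever the existing property holds more elements than are being prepended.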

Solutions

freebsd-upgrade-package-xorg-server
freebsd-upgrade-package-xephyr
freebsd-upgrade-package-xorg-vfbserver
freebsd-upgrade-package-xorg-nestserver
freebsd-upgrade-package-xwayland
freebsd-upgrade-package-xwayland-devel