diff -Nru xwayland-22.1.1/debian/changelog xwayland-22.1.1/debian/changelog
--- xwayland-22.1.1/debian/changelog	2022-12-07 14:12:14.000000000 +0000
+++ xwayland-22.1.1/debian/changelog	2023-02-07 13:06:17.000000000 +0000
@@ -1,3 +1,12 @@
+xwayland (2:22.1.1-1ubuntu0.5) jammy-security; urgency=medium
+
+  * SECURITY UPDATE: DeepCopyPointerClasses use-after-free
+    - debian/patches/CVE-2023-0494.patch: fix potential use-after-free in
+      Xi/exevents.c.
+    - CVE-2023-0494
+
+ -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Tue, 07 Feb 2023 08:06:17 -0500
+
 xwayland (2:22.1.1-1ubuntu0.4) jammy-security; urgency=medium
 
   * SECURITY UPDATE: XTestSwapFakeInput stack overflow
diff -Nru xwayland-22.1.1/debian/patches/CVE-2023-0494.patch xwayland-22.1.1/debian/patches/CVE-2023-0494.patch
--- xwayland-22.1.1/debian/patches/CVE-2023-0494.patch	1970-01-01 00:00:00.000000000 +0000
+++ xwayland-22.1.1/debian/patches/CVE-2023-0494.patch	2023-02-07 13:06:11.000000000 +0000
@@ -0,0 +1,34 @@
+From 0ba6d8c37071131a49790243cdac55392ecf71ec Mon Sep 17 00:00:00 2001
+From: Peter Hutterer <peter.hutterer@who-t.net>
+Date: Wed, 25 Jan 2023 11:41:40 +1000
+Subject: [PATCH] Xi: fix potential use-after-free in DeepCopyPointerClasses
+
+CVE-2023-0494, ZDI-CAN-19596
+
+This vulnerability was discovered by:
+Jan-Niklas Sohn working with Trend Micro Zero Day Initiative
+
+Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
+---
+ Xi/exevents.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/Xi/exevents.c b/Xi/exevents.c
+index 217baa956..dcd4efb3b 100644
+--- a/Xi/exevents.c
++++ b/Xi/exevents.c
+@@ -619,8 +619,10 @@ DeepCopyPointerClasses(DeviceIntPtr from, DeviceIntPtr to)
+             memcpy(to->button->xkb_acts, from->button->xkb_acts,
+                    sizeof(XkbAction));
+         }
+-        else
++        else {
+             free(to->button->xkb_acts);
++            to->button->xkb_acts = NULL;
++        }
+ 
+         memcpy(to->button->labels, from->button->labels,
+                from->button->numButtons * sizeof(Atom));
+-- 
+GitLab
+
diff -Nru xwayland-22.1.1/debian/patches/series xwayland-22.1.1/debian/patches/series
--- xwayland-22.1.1/debian/patches/series	2022-12-07 14:12:04.000000000 +0000
+++ xwayland-22.1.1/debian/patches/series	2023-02-07 13:06:11.000000000 +0000
@@ -11,3 +11,4 @@
 CVE-2022-46344-1.patch
 CVE-2022-46344-2.patch
 CVE-2022-4283.patch
+CVE-2023-0494.patch