diff -u libxcursor-1.1.14/debian/control libxcursor-1.1.14/debian/control --- libxcursor-1.1.14/debian/control +++ libxcursor-1.1.14/debian/control @@ -1,7 +1,8 @@ Source: libxcursor Section: devel Priority: optional -Maintainer: Debian X Strike Force +Maintainer: Ubuntu Developers +XSBC-Original-Maintainer: Debian X Strike Force Uploaders: Drew Parsons , Cyril Brulebois Build-Depends: debhelper (>= 8.1.3), diff -u libxcursor-1.1.14/debian/changelog libxcursor-1.1.14/debian/changelog --- libxcursor-1.1.14/debian/changelog +++ libxcursor-1.1.14/debian/changelog @@ -1,3 +1,19 @@ +libxcursor (1:1.1.14-1ubuntu0.14.04.2) trusty-security; urgency=medium + + * SECURITY UPDATE: Denial of service + - debian/patches/CVE-2015-9262.patch: fix in src/library.c. + - CVE-2015-9262 + + -- Leonidas S. Barbosa Thu, 02 Aug 2018 11:39:53 -0300 + +libxcursor (1:1.1.14-1ubuntu0.14.04.1) trusty-security; urgency=medium + + * SECURITY UPDATE: heap overflows when parsing malicious files + - debian/patches/CVE-2017-16612.patch: add checks to src/file.c. + - CVE-2017-16612 + + -- Marc Deslauriers Wed, 29 Nov 2017 08:04:05 -0500 + libxcursor (1:1.1.14-1) unstable; urgency=low * New upstream release. only in patch2: unchanged: --- libxcursor-1.1.14.orig/debian/patches/CVE-2015-9262.patch +++ libxcursor-1.1.14/debian/patches/CVE-2015-9262.patch 
@@ -0,0 +1,31 @@
+From 897213f36baf6926daf6d192c709cf627aa5fd05 Mon Sep 17 00:00:00 2001
+From: shubham shrivastav
+Date: Fri, 5 Jun 2015 13:36:22 -0700
+Subject: Insufficient memory for terminating null of string in
+ _XcursorThemeInherits
+
+Fix does one byte of memory allocation for null termination of string.
+https://bugs.freedesktop.org/show_bug.cgi?id=90857
+
+Reviewed-by: Keith Packard
+Signed-off-by: Alan Coopersmith
+---
+ src/library.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/library.c b/src/library.c
+index f08e8f0..fd040ce 100644
+--- a/src/library.c
++++ b/src/library.c
+@@ -180,7 +180,7 @@ _XcursorThemeInherits (const char *full)
+ if (*l != '=') continue;
+ l++;
+ while (*l == ' ') l++;
+- result = malloc (strlen (l));
++ result = malloc (strlen (l) + 1);
+ if (result)
+ {
+ r = result;
+--
+cgit v1.1
+
only in patch2: unchanged:
--- libxcursor-1.1.14.orig/debian/patches/CVE-2017-16612.patch
+++ libxcursor-1.1.14/debian/patches/CVE-2017-16612.patch
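Review bot: The `+ 1` on `result = malloc (strlen (l) + 1);` is the entire fix, but the hunk shows neither where the terminating byte is written nor that `l` has already been trimmed of leading spaces only, so a comment at the allocation would help the next reader: `/* +1: room for the terminating NUL written after the copy loop */`. The loop that fills `result` and its NUL termination lie outside the hunk, as does the rest of `_XcursorThemeInherits`, so the reviewer should confirm against the full function that exactly one byte beyond the copied characters is written and that no other code path in that function sizes a buffer from `strlen` without the terminator.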
@@ -0,0 +1,67 @@
+From 4794b5dd34688158fb51a2943032569d3780c4b8 Mon Sep 17 00:00:00 2001
+From: Tobias Stoeckmann
+Date: Sat, 21 Oct 2017 23:47:52 +0200
+Subject: Fix heap overflows when parsing malicious files. (CVE-2017-16612)
+
+It is possible to trigger heap overflows due to an integer overflow
+while parsing images and a signedness issue while parsing comments.
+
+The integer overflow occurs because the chosen limit 0x10000 for
+dimensions is too large for 32 bit systems, because each pixel takes
+4 bytes. Properly chosen values allow an overflow which in turn will
+lead to less allocated memory than needed for subsequent reads.
+
+The signedness bug is triggered by reading the length of a comment
+as unsigned int, but casting it to int when calling the function
+XcursorCommentCreate. Turning length into a negative value allows the
+check against XCURSOR_COMMENT_MAX_LEN to pass, and the following
+addition of sizeof (XcursorComment) + 1 makes it possible to allocate
+less memory than needed for subsequent reads.
+
+Signed-off-by: Tobias Stoeckmann
+Reviewed-by: Matthieu Herrb
+
+Index: libxcursor-1.1.14/src/file.c
+===================================================================
+--- libxcursor-1.1.14.orig/src/file.c 2017-11-29 08:03:53.709210764 -0500
++++ libxcursor-1.1.14/src/file.c 2017-11-29 08:03:53.705210713 -0500
+@@ -29,6 +29,11 @@ XcursorImageCreate (int width, int heigh
+ {
+ XcursorImage *image;
+
++ if (width < 0 || height < 0)
++ return NULL;
++ if (width > XCURSOR_IMAGE_MAX_SIZE || height > XCURSOR_IMAGE_MAX_SIZE)
++ return NULL;
++
+ image = malloc (sizeof (XcursorImage) +
+ width * height * sizeof (XcursorPixel));
+ if (!image)
+@@ -102,7 +107,7 @@ XcursorCommentCreate (XcursorUInt commen
+ {
+ XcursorComment *comment;
+
+- if (length > XCURSOR_COMMENT_MAX_LEN)
++ if (length < 0 || length > XCURSOR_COMMENT_MAX_LEN)
+ return NULL;
+
+ comment = malloc (sizeof (XcursorComment) + length + 1);
+@@ -449,7 +454,8 @@ _XcursorReadImage (XcursorFile *file,
+ if (!_XcursorReadUInt (file, &head.delay))
+ return NULL;
+ /* sanity check data */
+- if (head.width >= 0x10000 || head.height > 0x10000)
++ if (head.width > XCURSOR_IMAGE_MAX_SIZE ||
++ head.height > XCURSOR_IMAGE_MAX_SIZE)
+ return NULL;
+ if (head.width == 0 || head.height == 0)
+ return NULL;
+@@ -458,6 +464,8 @@ _XcursorReadImage (XcursorFile *file,
+
+ /* Create the image and initialize it */
+ image = XcursorImageCreate (head.width, head.height);
++ if (image == NULL)
++ return NULL;
+ if (chunkHeader.version < image->version)
+ image->version = chunkHeader.version;
+ image->size = chunkHeader.subtype;
only in patch2: unchanged:
--- libxcursor-1.1.14.orig/debian/patches/series
+++ libxcursor-1.1.14/debian/patches/series
@@ -0,0 +1,2 @@
+CVE-2017-16612.patch
+CVE-2015-9262.patch
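Review bot: The new guards in `XcursorImageCreate` make the safety of `width * height * sizeof (XcursorPixel)` depend entirely on the value of `XCURSOR_IMAGE_MAX_SIZE`, which is defined outside this patch; `width * height` is still evaluated in `int` before the `size_t` promotion, so the limit must keep that product in `int` range and the total allocation (including `sizeof (XcursorImage)`) below `SIZE_MAX` on 32-bit targets, and that invariant is not recorded anywhere in the hunk. A comment at the check would pin it down: `/* XCURSOR_IMAGE_MAX_SIZE must keep width*height in int range and the whole allocation below SIZE_MAX on 32-bit; see the header that defines it */`. The added `if (image == NULL) return NULL;` in `_XcursorReadImage` also closes a pre-existing unchecked-allocation dereference of `image->version`, since the `if (!image)` context line shows `XcursorImageCreate` already returned NULL on malloc failure; the repeated dimension check in `_XcursorReadImage` is now redundant with the one in `XcursorImageCreate` but harmless as defence in depth. For `XcursorCommentCreate`, the `length < 0` test presumes `length` is a signed `int`, which the truncated hunk header does not show — worth confirming against the declaration. All four enclosing functions start and end outside their hunks.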