diff -u libxcursor-1.1.14/debian/changelog libxcursor-1.1.14/debian/changelog
--- libxcursor-1.1.14/debian/changelog
+++ libxcursor-1.1.14/debian/changelog
@@ -1,3 +1,11 @@
+libxcursor (1:1.1.14-1ubuntu0.14.04.2) trusty-security; urgency=medium
+
+ * SECURITY UPDATE: Denial of service
+ - debian/patches/CVE-2015-9262.patch: fix in src/library.c.
+ - CVE-2015-9262
+
+ -- Leonidas S. Barbosa Thu, 02 Aug 2018 11:39:53 -0300
+
 libxcursor (1:1.1.14-1ubuntu0.14.04.1) trusty-security; urgency=medium
 
 * SECURITY UPDATE: heap overflows when parsing malicious files
diff -u libxcursor-1.1.14/debian/patches/series libxcursor-1.1.14/debian/patches/series
--- libxcursor-1.1.14/debian/patches/series
+++ libxcursor-1.1.14/debian/patches/series
@@ -1,0 +2 @@
+CVE-2015-9262.patch
only in patch2:
unchanged:
--- libxcursor-1.1.14.orig/debian/patches/CVE-2015-9262.patch
+++ libxcursor-1.1.14/debian/patches/CVE-2015-9262.patch
@@ -0,0 +1,31 @@
+From 897213f36baf6926daf6d192c709cf627aa5fd05 Mon Sep 17 00:00:00 2001
+From: shubham shrivastav
+Date: Fri, 5 Jun 2015 13:36:22 -0700
+Subject: Insufficient memory for terminating null of string in
+ _XcursorThemeInherits
+
+Fix does one byte of memory allocation for null termination of string.
+https://bugs.freedesktop.org/show_bug.cgi?id=90857
+
+Reviewed-by: Keith Packard
+Signed-off-by: Alan Coopersmith
+---
+ src/library.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/library.c b/src/library.c
+index f08e8f0..fd040ce 100644
+--- a/src/library.c
++++ b/src/library.c
+@@ -180,7 +180,7 @@ _XcursorThemeInherits (const char *full)
+ if (*l != '=') continue;
+ l++;
+ while (*l == ' ') l++;
+- result = malloc (strlen (l));
++ result = malloc (strlen (l) + 1);
+ if (result)
+ {
+ r = result;
+-- 
+cgit v1.1
+
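Review bot: The resized allocation in the embedded src/library.c hunk, `result = malloc (strlen (l) + 1);`, has no comment recording why `strlen (l) + 1` is a safe upper bound, and that invariant is what keeps this off-by-one from returning. I would add above it `/* +1 for the terminating NUL; the copy below must never emit more bytes than it reads from l */`. The copy that writes through `r` starts at `r = result;` and continues outside the hunk, so confirm that it writes at most one output byte per input byte before relying on that wording. Separately, the patch subject describes a one-byte write past a heap allocation, so the packaged fix is worth exercising under AddressSanitizer with a theme file that contains an Inherits line, which would catch a regression in this sizing.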