xorg server -- Multiple vulnerabilities

The X.Org project reports:

CVE-2023-6816: Heap buffer overflow in DeviceFocusEvent
and ProcXIQueryPointer

    Both DeviceFocusEvent and the XIQueryPointer reply contain a bit
    for each logical button currently down. Buttons can be arbitrarily
    mapped to any value up to 255 but the X.Org Server was only
    allocating space for the device's number of buttons,
    leading to a heap overflow if a bigger value was used.

CVE-2024-0229: Reattaching to different master device may lead
to out-of-bounds memory access

    If a device has both a button class and a key class and
    numButtons is zero, we can get an out-of-bounds write due
    to event under-allocation in the DeliverStateNotifyEvent
    function.

CVE-2024-21885: Heap buffer overflow in
XISendDeviceHierarchyEvent

    The XISendDeviceHierarchyEvent() function allocates space to
    store up to MAXDEVICES (256) xXIHierarchyInfo structures in info.
    If a device with a given ID was removed and a new device with
    the same ID added both in the same operation,
    the single device ID will lead to two info structures being
    written to info.
    Since this case can occur for every device ID at once,
    a total of two times MAXDEVICES info structures might be written
    to the allocation, leading to a heap buffer overflow.

CVE-2024-21886: Heap buffer overflow in DisableDevice

    The DisableDevice() function is called whenever an enabled device
    is disabled and it moves the device from the inputInfo.devices
    linked list to the inputInfo.off_devices linked list.
    However, its link/unlink operation has an issue during the recursive
    call to DisableDevice() due to the prev pointer pointing to a
    removed device.
    This issue leads to a length mismatch between the total number of
    devices and the number of device in the list, leading to a heap
    overflow and, possibly, to local privilege escalation.