tech-x11 archive
X.Org Security Advisory: May 23, 2013, just seen at www.X.org
Hello,
I was just looking around at http://www.X.org/ for i18n keyboard
programming instructions/documentation and I saw this Security
Advisory.
http://www.x.org/wiki/Development/Security/Advisory-2013-05-23
X.Org Security Advisory: May 23, 2013
Protocol handling issues in X Window System client libraries
Description
Ilja van Sprundel, a security researcher with IOActive, has discovered a
large number of issues in the way various X client libraries handle the
responses they receive from servers, and has worked with X.Org's
security team to analyze, confirm, and fix these issues.
Most of these issues stem from the client libraries trusting the server
to send correct protocol data, and not verifying that the values will
not overflow or cause other damage.
...
(here cut short by me)
(Resuming my note:) I just built NetBSD 6.1 from the cvs -r
6-1-RELEASE sources last Friday, May 17th (May 16th src, xsrc),
and I checked the cvsweb versions for, say, the libX11 advisory of
this, and NetBSD's is all a couple years old on average for the
file dates. (So, their v7.7 with libX11 of 1.5.99.901 (1.6 RC1)
or earlier advisory which is their first version number. It
appears that our version is still by date and specific library
between v7.3 something and 7.6 something from when I had
swi-prolog libXt problems.) I just wanted to pass this along
to the people keeping the xsrc tree up to date and working the
best for NetBSD with the right versions, who know this stuff
well etc. Thanks.
John R. Towler
jtowler%soncom.com@localhost