diff -r 800e8c2d47f1 -r d5dacbb8de2b open-src/lib/libXt/CVE-2013-2002.patch
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/open-src/lib/libXt/CVE-2013-2002.patch	Wed May 15 13:44:02 2013 -0700
@@ -0,0 +1,78 @@
+From 9264a21b688891dbdcee630ff72cf39aa75fc4e1 Mon Sep 17 00:00:00 2001
+From: Alan Coopersmith <alan.coopersmith@oracle.com>
+Date: Sat, 9 Mar 2013 11:44:14 -0800
+Subject: [PATCH:libXt 2/3] unvalidated length in _XtResourceConfigurationEH
+ [CVE-2013-2002]
+
+The RCM_DATA property is expected to be in the format:
+    resource_length, resource, value
+
+If the property contains a resource_length thats results in a pointer
+outside the property string, memory corruption can occur.
+
+Reported-by: Ilja Van Sprundel <ivansprundel@ioactive.com>
+Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
+---
+ src/ResConfig.c |   41 ++++++++++++++++++++++++++---------------
+ 1 file changed, 26 insertions(+), 15 deletions(-)
+
+diff --git a/src/ResConfig.c b/src/ResConfig.c
+index 68da536..1f3edbe 100644
+--- a/src/ResConfig.c
++++ b/src/ResConfig.c
+@@ -971,26 +971,37 @@ _XtResourceConfigurationEH (
+ 	 *      resource and value fields.
+ 	 */
+ 		if (data) {
++			char *data_end = data + nitems;
++			char *data_value;
++
+ 			resource_len = Strtoul ((void *)data, &data_ptr, 10);
+-			data_ptr++;
+ 
+-			data_ptr[resource_len] = '\0';
++			if (data_ptr != (char *) data) {
++				data_ptr++;
++				data_value = data_ptr + resource_len;
++			} else /* strtoul failed to convert a number */
++				data_ptr = data_value = NULL;
++
++			if (data_value > data_ptr && data_value < data_end) {
++				*data_value++ = '\0';
+ 
+-			resource = XtNewString (data_ptr);
+-			value = XtNewString (&data_ptr[resource_len + 1]);
++				resource = XtNewString (data_ptr);
++				value = XtNewString (data_value);
+ #ifdef DEBUG
+-			fprintf (stderr, "resource_len=%d\n",resource_len);
+-			fprintf (stderr, "resource = %s\t value = %s\n",
+-					resource, value);
++				fprintf (stderr, "resource_len=%d\n"
++					 resource_len);
++				fprintf (stderr, "resource = %s\t value = %s\n",
++					 resource, value);
+ #endif
+-			/*
+-			 * descend the application widget tree and
+-			 * apply the value to the appropriate widgets
+-			 */
+-			_search_widget_tree (w, resource, value);
+-
+-			XtFree (resource);
+-			XtFree (value);
++				/*
++				 * descend the application widget tree and
++				 * apply the value to the appropriate widgets
++				 */
++				_search_widget_tree (w, resource, value);
++
++				XtFree (resource);
++				XtFree (value);
++			}
+ 		}
+ 	}
+ 
+-- 
+1.7.9.2
+