diff --git a/debian/changelog b/debian/changelog
index 8ee3aba0b278dc11a93921d6209dacb582f19564..a00e73e0538cfac985ad683fed6f96e9dbbd1cd0 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,13 @@
+xorg-server (2:1.20.11-1+deb11u10) bullseye-security; urgency=high
+
+  * Non-maintainer upload by the Security Team.
+  * Sync "Xi: allocate enough XkbActions for our buttons" (CVE-2023-6377)
+    The original upstream patch applied for CVE-2023-6377 was incomplete and
+    still allows OOM access.
+    This update syncs the patch with the upstream applied patch.
+
+ -- Salvatore Bonaccorso <carnil@debian.org>  Fri, 15 Dec 2023 06:14:11 +0100
+
 xorg-server (2:1.20.11-1+deb11u9+apertis1) apertis; urgency=medium
 
   * Sync updates from Debian Bullseye Security.
diff --git a/debian/patches/Xi-allocate-enough-XkbActions-for-our-buttons.patch b/debian/patches/Xi-allocate-enough-XkbActions-for-our-buttons.patch
index 558eb6f0de28eab05242e73efb9ac68439e48518..88f8ec0cf20929983d59fe9efa99fa069807b077 100644
--- a/debian/patches/Xi-allocate-enough-XkbActions-for-our-buttons.patch
+++ b/debian/patches/Xi-allocate-enough-XkbActions-for-our-buttons.patch
@@ -1,7 +1,7 @@
-From ff830d3c47c92e7c810055b9fd56ae22fc1d5346 Mon Sep 17 00:00:00 2001
+From 0c1a93d319558fe3ab2d94f51d174b4f93810afd Mon Sep 17 00:00:00 2001
 From: Peter Hutterer <peter.hutterer@who-t.net>
 Date: Tue, 28 Nov 2023 15:19:04 +1000
-Subject: [PATCH xserver] Xi: allocate enough XkbActions for our buttons
+Subject: [PATCH] Xi: allocate enough XkbActions for our buttons
 
 button->xkb_acts is supposed to be an array sufficiently large for all
 our buttons, not just a single XkbActions struct. Allocating
@@ -14,27 +14,28 @@ CVE-2023-6377, ZDI-CAN-22412, ZDI-CAN-22413
 This vulnerability was discovered by:
 Jan-Niklas Sohn working with Trend Micro Zero Day Initiative
 ---
- Xi/exevents.c |  8 ++++++--
- dix/devices.c | 11 +++++++++++
- 2 files changed, 17 insertions(+), 2 deletions(-)
+ Xi/exevents.c | 12 ++++++------
+ dix/devices.c | 10 ++++++++++
+ 2 files changed, 16 insertions(+), 6 deletions(-)
 
 diff --git a/Xi/exevents.c b/Xi/exevents.c
-index dcd4efb3bc..f24de9eec4 100644
+index dcd4efb3bc7a..54ea11a93872 100644
 --- a/Xi/exevents.c
 +++ b/Xi/exevents.c
-@@ -612,12 +612,16 @@ DeepCopyPointerClasses(DeviceIntPtr from, DeviceIntPtr to)
+@@ -611,13 +611,13 @@ DeepCopyPointerClasses(DeviceIntPtr from, DeviceIntPtr to)
+         }
  
          if (from->button->xkb_acts) {
-             if (!to->button->xkb_acts) {
+-            if (!to->button->xkb_acts) {
 -                to->button->xkb_acts = calloc(1, sizeof(XkbAction));
-+                to->button->xkb_acts = calloc(from->button->numButtons, sizeof(XkbAction));
-                 if (!to->button->xkb_acts)
-                     FatalError("[Xi] not enough memory for xkb_acts.\n");
-+            } else {
-+                to->button->xkb_acts = xnfreallocarray(to->button->xkb_acts,
-+                                                       from->button->numButtons,
-+                                                       sizeof(XkbAction));
-             }
+-                if (!to->button->xkb_acts)
+-                    FatalError("[Xi] not enough memory for xkb_acts.\n");
+-            }
++            size_t maxbuttons = max(to->button->numButtons, from->button->numButtons);
++            to->button->xkb_acts = xnfreallocarray(to->button->xkb_acts,
++                                                   maxbuttons,
++                                                   sizeof(XkbAction));
++            memset(to->button->xkb_acts, 0, maxbuttons * sizeof(XkbAction));
              memcpy(to->button->xkb_acts, from->button->xkb_acts,
 -                   sizeof(XkbAction));
 +                   from->button->numButtons * sizeof(XkbAction));
@@ -42,10 +43,10 @@ index dcd4efb3bc..f24de9eec4 100644
          else {
              free(to->button->xkb_acts);
 diff --git a/dix/devices.c b/dix/devices.c
-index 7150734a58..deb3010206 100644
+index b063128df072..3f3224d6264f 100644
 --- a/dix/devices.c
 +++ b/dix/devices.c
-@@ -2530,6 +2530,8 @@ RecalculateMasterButtons(DeviceIntPtr slave)
+@@ -2539,6 +2539,8 @@ RecalculateMasterButtons(DeviceIntPtr slave)
  
      if (master->button && master->button->numButtons != maxbuttons) {
          int i;
@@ -54,7 +55,7 @@ index 7150734a58..deb3010206 100644
          DeviceChangedEvent event = {
              .header = ET_Internal,
              .type = ET_DeviceChanged,
-@@ -2540,6 +2542,15 @@ RecalculateMasterButtons(DeviceIntPtr slave)
+@@ -2549,6 +2551,14 @@ RecalculateMasterButtons(DeviceIntPtr slave)
          };
  
          master->button->numButtons = maxbuttons;
@@ -66,7 +67,6 @@ index 7150734a58..deb3010206 100644
 +                   0,
 +                   (maxbuttons - last_num_buttons) * sizeof(XkbAction));
 +        }
-+
  
          memcpy(&event.buttons.names, master->button->labels, maxbuttons *
                 sizeof(Atom));