diff --git a/debian/changelog b/debian/changelog
index 3efa1b737a7364c11453603518965550e8f63fc1..0ba60a4db86c80419e50ec690b9d4a9a062c68b6 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,11 @@
+xorg-server (2:1.20.11-1+deb11u14) bullseye-security; urgency=high
+
+  * Non-maintainer upload by the LTS Team.
+  * CVE-2024-9632
+    xkb: Fix buffer overflow in _XkbSetCompatMap()
+
+ -- Thorsten Alteholz <debian@alteholz.de>  Sun, 27 Oct 2024 12:03:02 +0100
+
 xorg-server (2:1.20.11-1+deb11u13) bullseye-security; urgency=high
 
   * render: Avoid possible double-free in ProcRenderAddGlyphs()
diff --git a/debian/patches/series b/debian/patches/series
index 790af95b0fdd4d006899c5d3194ca8d27333e898..e1e46f881b66b4bff3e36e0dc553bc020c95e4c0 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -41,3 +41,5 @@ dix-Fix-use-after-free-in-input-device-shutdown.patch
 20240403/0003-Xquartz-ProcAppleDRICreatePixmap-needs-to-use-unswap.patch
 20240403/0004-render-fix-refcounting-of-glyphs-during-ProcRenderAd.patch
 20240403/0005-render-Avoid-possible-double-free-in-ProcRenderAddGl.patch
+
+xkb-Fix-buffer-overflow-in-_XkbSetCompatMap.patch
diff --git a/debian/patches/xkb-Fix-buffer-overflow-in-_XkbSetCompatMap.patch b/debian/patches/xkb-Fix-buffer-overflow-in-_XkbSetCompatMap.patch
new file mode 100644
index 0000000000000000000000000000000000000000..60a877e6045e2259bee9dae8e1f81322f9f3c262
--- /dev/null
+++ b/debian/patches/xkb-Fix-buffer-overflow-in-_XkbSetCompatMap.patch
@@ -0,0 +1,51 @@
+From: Matthieu Herrb <matthieu@herrb.eu>
+Date: Thu, 10 Oct 2024 10:37:28 +0200
+Subject: xkb: Fix buffer overflow in _XkbSetCompatMap()
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2024-9632
+
+The _XkbSetCompatMap() function attempts to resize the `sym_interpret`
+buffer.
+
+However, It didn't update its size properly. It updated `num_si` only,
+without updating `size_si`.
+
+This may lead to local privilege escalation if the server is run as root
+or remote code execution (e.g. x11 over ssh).
+
+CVE-2024-9632, ZDI-CAN-24756
+
+This vulnerability was discovered by:
+Jan-Niklas Sohn working with Trend Micro Zero Day Initiative
+
+Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
+Tested-by: Peter Hutterer <peter.hutterer@who-t.net>
+Reviewed-by: José Expósito <jexposit@redhat.com>
+---
+ xkb/xkb.c | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+Index: xorg-server-1.20.11/xkb/xkb.c
+===================================================================
+--- xorg-server-1.20.11.orig/xkb/xkb.c	2024-10-27 14:28:10.550089919 +0100
++++ xorg-server-1.20.11/xkb/xkb.c	2024-10-27 14:28:10.546089918 +0100
+@@ -2993,13 +2993,13 @@
+         XkbSymInterpretPtr sym;
+         unsigned int skipped = 0;
+ 
+-        if ((unsigned) (req->firstSI + req->nSI) > compat->num_si) {
+-            compat->num_si = req->firstSI + req->nSI;
++        if ((unsigned) (req->firstSI + req->nSI) > compat->size_si) {
++            compat->num_si = compat->size_si = req->firstSI + req->nSI;
+             compat->sym_interpret = reallocarray(compat->sym_interpret,
+-                                                 compat->num_si,
++                                                 compat->size_si,
+                                                  sizeof(XkbSymInterpretRec));
+             if (!compat->sym_interpret) {
+-                compat->num_si = 0;
++                compat->num_si = compat->size_si = 0;
+                 return BadAlloc;
+             }
+         }