Update from debian/bullseye-security for apertis/v2023-security

debian/changelog

+xorg-server (2:1.20.11-1+deb11u8+apertis1) apertis; urgency=medium
+
+  * Sync updates from Debian Bullseye Security.
+  * Remaining Apertis specific changes:
+    + Add patch disable-libgl-in-xwayland.patch to disable glamor and
+      glxvnd in xwayland to avoid Xwayland depending on big GL.
+
+ -- Apertis CI <devel@lists.apertis.org>  Thu, 02 Nov 2023 09:12:36 +0000
+
+xorg-server (2:1.20.11-1+deb11u8) bullseye-security; urgency=high
+
+  * 0003-mi-fix-CloseScreen-initialization-order.patch,
+    0004-fb-properly-wrap-unwrap-CloseScreen.patch: drop, causes other
+    bugs that are worse than CVE-2023-5574.
+
+ -- Julien Cristau <jcristau@debian.org>  Wed, 25 Oct 2023 09:47:13 +0200
+
+xorg-server (2:1.20.11-1+deb11u7) bullseye-security; urgency=high
+
+  * Xi/randr: fix handling of PropModeAppend/Prepend (CVE-2023-5367)
+  * mi: reset the PointerWindows reference on screen switch (CVE-2023-5380)
+  * mi: fix CloseScreen initialization order
+  * fb: properly wrap/unwrap CloseScreen (CVE-2023-5574)
+
+ -- Julien Cristau <jcristau@debian.org>  Mon, 23 Oct 2023 19:26:14 +0200
+
 xorg-server (2:1.20.11-1+deb11u6+apertis1) apertis; urgency=medium
 
   * Sync updates from Debian Bullseye Security.