The libXcursor fix for CVE-2013-2003 has never been imported into wayland, leaving it vulnerable to it.
Changing the argument type to an unsigned type is an effective merge of Ilja Van Sprundel's commit in libXcursor.
Signed-off-by: Tobias Stoeckmann tobias@stoeckmann.org