* CVE security review [1/2]:
  - Update 1007-CVE-2014-0210-unvalidated-length-in-_fs_recv_conn_se.patch.
    Use xfree() instead of free() in nx-libs.
  - Update 1011-CVE-2014-0210-unvalidated-length-fields-in-fs_read_q.patch.
    Apply correctly on nx-libs 3.6.x.
  - Update 1020-dix-integer-overflow-in-GetHosts-CVE-2014-8092-2-4.patch.
    Human-readable version of "1 MB".