Added patch to fix possible use-after-free in wineserver device IPR code.

patches/server-Release_File/0001-server-Delay-destruction-of-file-object-in-set_irp_r.patch

@@ -0,0 +1,32 @@
+From 12bf8396bd22a181e9d49c70b84b98b85eacefea Mon Sep 17 00:00:00 2001
+From: Sebastian Lackner <sebastian@fds-team.de>
+Date: Tue, 16 Jun 2015 03:16:10 +0200
+Subject: server: Delay destruction of file object in set_irp_result.
+
+---
+ server/device.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/server/device.c b/server/device.c
+index dc0325e..da99c32 100644
+--- a/server/device.c
++++ b/server/device.c
+@@ -288,7 +288,6 @@ static void set_irp_result( struct irp_call *irp, unsigned int status,
+     irp->out_size = min( irp->out_size, out_size );
+     if (irp->out_size && !(irp->out_data = memdup( out_data, irp->out_size )))
+         irp->out_size = 0;
+-    release_object( file );
+     irp->file = NULL;
+     if (irp->async)
+     {
+@@ -306,6 +305,7 @@ static void set_irp_result( struct irp_call *irp, unsigned int status,
+         list_remove( &irp->dev_entry );
+         release_object( irp );  /* no longer on the device queue */
+     }
++    release_object( file );
+ }
+ 
+ 
+-- 
+2.4.3
+

patches/server-Release_File/definition

@@ -0,0 +1 @@
+Fixes: [38764] Fix possible use-after-free in wineserver device IPR code