diff -Nru freetype-2.11.1+dfsg/debian/changelog freetype-2.11.1+dfsg/debian/changelog
--- freetype-2.11.1+dfsg/debian/changelog 2022-07-19 15:13:32.000000000 +0000
+++ freetype-2.11.1+dfsg/debian/changelog 2023-05-02 11:19:28.000000000 +0000
@@ -1,3 +1,12 @@
+freetype (2.11.1+dfsg-1ubuntu0.2) jammy-security; urgency=medium
+
+ * SECURITY UPDATE: Integer overflow
+ - debian/patches/CVE-2023-2004.patch: fix a integer overflow
+ in src/truetype/ttgxvar.c.
+ - CVE-2023-2004
+
+ -- Leonidas Da Silva Barbosa Tue, 02 May 2023 08:19:28 -0300
+
 freetype (2.11.1+dfsg-1ubuntu0.1) jammy-security; urgency=medium
 
 * SECURITY UPDATE: Heap buffer overflow in sfnt_init_face
diff -Nru freetype-2.11.1+dfsg/debian/patches/CVE-2023-2004.patch freetype-2.11.1+dfsg/debian/patches/CVE-2023-2004.patch
--- freetype-2.11.1+dfsg/debian/patches/CVE-2023-2004.patch 1970-01-01 00:00:00.000000000 +0000
+++ freetype-2.11.1+dfsg/debian/patches/CVE-2023-2004.patch 2023-05-02 11:19:19.000000000 +0000
@@ -0,0 +1,30 @@
+From e6fda039ad638866b7a6a5d046f03278ba1b7611 Mon Sep 17 00:00:00 2001
+From: Werner Lemberg
+Date: Mon, 14 Nov 2022 19:18:19 +0100
+Subject: [PATCH] * src/truetype/ttgxvar.c (tt_hvadvance_adjust): Integer
+ overflow.
+
+Reported as
+
+ https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=50462
+Index: freetype-2.11.1+dfsg/src/truetype/ttgxvar.c
+===================================================================
+--- freetype-2.11.1+dfsg.orig/src/truetype/ttgxvar.c
++++ freetype-2.11.1+dfsg/src/truetype/ttgxvar.c
+@@ -42,6 +42,7 @@
+ #include
+ #include
+ #include FT_CONFIG_CONFIG_H
++#include
+ #include
+ #include
+ #include
+@@ -1147,7 +1148,7 @@
+ delta == 1 ? "" : "s",
+ vertical ? "VVAR" : "HVAR" ));
+
+- *avalue += delta;
++ *avalue = ADD_INT( *avalue, delta );
+
+ Exit:
+ return error;
diff -Nru freetype-2.11.1+dfsg/debian/patches/series freetype-2.11.1+dfsg/debian/patches/series
--- freetype-2.11.1+dfsg/debian/patches/series 2022-07-19 15:12:48.000000000 +0000
+++ freetype-2.11.1+dfsg/debian/patches/series 2023-05-02 11:19:15.000000000 +0000
@@ -7,3 +7,4 @@
 CVE-2022-27405.patch
 CVE-2022-27406.patch
 CVE-2022-31782.patch
+CVE-2023-2004.patch
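Review bot: In the second inner hunk of debian/patches/CVE-2023-2004.patch, `*avalue = ADD_INT( *avalue, delta );` makes the addition well defined but, assuming ADD_INT is FreeType's wrap-around add (operands summed as unsigned, result cast back), an oversized HVAR/VVAR delta from a malformed font still produces a wrapped advance rather than an error or a clamped value. I would record that on the line, e.g. `/* ADD_INT wraps on overflow; *avalue can be out of range for malformed HVAR/VVAR data */`, so later readers do not take the result as validated. tt_hvadvance_adjust begins outside the hunk, so whether `delta` is bounded before this point cannot be checked from here. The target of the added `#include` in the first inner hunk is not legible in this rendering and should be confirmed to be the header that defines ADD_INT in 2.11.1, since the backport would presumably fail to build otherwise.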