diff -u freetype-2.4.12/debian/rules freetype-2.4.12/debian/rules --- freetype-2.4.12/debian/rules +++ freetype-2.4.12/debian/rules @@ -8,12 +8,11 @@ # Workaround for spurious error when building with gcc-4.4 ifeq (,$(filter m68k alpha,$(DEB_HOST_ARCH))) -#export DEB_CFLAGS_MAINT_APPEND := -Werror endif export DEB_CFLAGS_MAINT_APPEND += $(shell dpkg-buildflags --get CPPFLAGS) # always abort if there are any problems with the symbols file -DPKG_GENSYMBOLS_CHECK_LEVEL = 4 +DPKG_GENSYMBOLS_CHECK_LEVEL = 1 export DPKG_GENSYMBOLS_CHECK_LEVEL VERSION = $(shell dpkg-parsechangelog | sed -n -e's/^Version: //p') diff -u freetype-2.4.12/debian/libfreetype6.symbols freetype-2.4.12/debian/libfreetype6.symbols --- freetype-2.4.12/debian/libfreetype6.symbols +++ freetype-2.4.12/debian/libfreetype6.symbols @@ -1,12 +1,4 @@ libfreetype.so.6 libfreetype6 #MINVER# - ALLOW_X_DMOVE_Rules@Base 2.4.12-0ubuntu1 - ALWAYS_DO_DELTAP_Rules@Base 2.4.12-0ubuntu1 - ALWAYS_SKIP_DELTAP_Rules@Base 2.4.12-0ubuntu1 - ALWAYS_USE_100_Rules@Base 2.4.12-0ubuntu1 - BRIGHTNESS_Rules@Base 2.4.12-0ubuntu1 - COMPATIBILITY_MODE_Rules@Base 2.4.12-0ubuntu1 - CONTRAST_Rules@Base 2.4.12-0ubuntu1 - DO_SHPIX_Rules@Base 2.4.12-0ubuntu1 FTC_CMapCache_Lookup@Base 2.2.1 FTC_CMapCache_New@Base 2.2.1 FTC_ImageCache_Lookup@Base 2.2.1 
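Review bot: In debian/rules, the comment `# always abort if there are any problems with the symbols file` no longer matches the setting below it. With `DPKG_GENSYMBOLS_CHECK_LEVEL = 1`, dpkg-gensymbols fails the build only when listed symbols disappear, so exported symbols that are not listed pass silently. The infinality `*_Rules`, `pseudo_gamma` and `sliding_scale` entries are removed from debian/libfreetype6.symbols while the infinality patchset stays in the series, so the library presumably still exports those names with nothing tracking them. I would either keep the entries and the stricter level, or at least reword the comment, e.g. `# fail only on missing symbols; extra exports from the infinality patchset are tolerated`.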
@@ -264,27 +256,6 @@ FT_Vector_Transform@Base 2.2.1 FT_Vector_Transform_Scaled@Base 2.3.5 FT_Vector_Unit@Base 2.2.1 - MIAP_HACK_Rules@Base 2.4.12-0ubuntu1 - NORMAL_ROUND_Rules@Base 2.4.12-0ubuntu1 - PIXEL_HINTING_Rules@Base 2.4.12-0ubuntu1 - RASTERIZER_35_Rules@Base 2.4.12-0ubuntu1 - ROUND_NONPIXEL_Y_MOVES_Rules@Base 2.4.12-0ubuntu1 - ROUND_NONPIXEL_Y_MOVES_Rules_Exceptions@Base 2.4.12-0ubuntu1 - SKIP_IUP_Rules@Base 2.4.12-0ubuntu1 - SKIP_NONPIXEL_Y_MOVES_DELTAP_Rules@Base 2.4.12-0ubuntu1 - SKIP_NONPIXEL_Y_MOVES_Rules@Base 2.4.12-0ubuntu1 - SKIP_NONPIXEL_Y_MOVES_Rules_Exceptions@Base 2.4.12-0ubuntu1 - SKIP_OFFPIXEL_Y_MOVES_Rules@Base 2.4.12-0ubuntu1 - SKIP_OFFPIXEL_Y_MOVES_Rules_Exceptions@Base 2.4.12-0ubuntu1 - SNAPPING_EDGE_DETECTION_Rules@Base 2.4.12-0ubuntu1 - SNAPPING_M_Rules@Base 2.4.12-0ubuntu1 - SNAPPING_NO_BEARING_CORRECTION_Rules@Base 2.4.12-0ubuntu1 - SNAPPING_STEM_SCALING_Rules@Base 2.4.12-0ubuntu1 - SNAPPING_STEM_TRANSLATING_ONLY_Rules@Base 2.4.12-0ubuntu1 - SNAPPING_STEM_TRANSLATING_Rules@Base 2.4.12-0ubuntu1 - SNAPPING_STEM_WIDTHS_Rules@Base 2.4.12-0ubuntu1 - SNAPPING_SYNTHESIZE_STEMS_Rules@Base 2.4.12-0ubuntu1 - STYLE_CLASS_Rules@Base 2.4.12-0ubuntu1 TT_New_Context@Base 2.2.1 TT_RunIns@Base 2.2.1 af_autofitter_interface@Base 2.4.11 @@ -361,11 +332,9 @@ ps_parser_funcs@Base 2.2.1 ps_table_funcs@Base 2.2.1 psaux_module_class@Base 2.2.1 - pseudo_gamma@Base 2.4.12-0ubuntu1 pshinter_module_class@Base 2.2.1 psnames_module_class@Base 2.2.1 sfnt_module_class@Base 2.2.1 - sliding_scale@Base 2.4.12-0ubuntu1 t1_builder_funcs@Base 2.2.1 t1_cmap_classes@Base 2.2.1 t1_cmap_custom_class_rec@Base 2.2.1 diff -u freetype-2.4.12/debian/changelog freetype-2.4.12/debian/changelog --- freetype-2.4.12/debian/changelog +++ freetype-2.4.12/debian/changelog 
@@ -1,17 +1,26 @@ -freetype (2.4.12-0ubuntu1ppa2infinality20130515) saucy; urgency=low - - * No changes. Build against my ppa's freetype zip - - -- Bob Chez Fri, 18 Oct 2013 06:13:35 -0400 - -freetype (2.4.12-0ubuntu1ppa1infinality20130515) saucy; urgency=low +freetype (2.4.12-0ubuntu1.1ppa3infinality20130515) saucy; urgency=low + * Ignore compiler warnings * Add infinality patch - * Disable subpixel patch since already in infinality - * Update series - * Update libfreetype6.symbols + * Disable subpixel patch + * Use infinality patch + * Ignore extra symbols + + -- Bob Chez Tue, 18 Mar 2014 20:50:56 -0400 + +freetype (2.4.12-0ubuntu1.1) saucy-security; urgency=medium + + * SECURITY UPDATE: denial of service and possible code execution in + CFF rasterizer + - debian/patches-freetype/CVE-2014-2240.patch: validate hintMask in + src/cff/cf2hints.c. + - CVE-2014-2240 + * SECURITY UPDATE: denial of service in CFF rasterizer + - debian/patches-freetype/CVE-2014-2241.patch: don't trigger asserts in + src/cff/cf2ft.c. + - CVE-2014-2241 - -- Bob Chez Fri, 18 Oct 2013 05:59:05 -0400 + -- Marc Deslauriers Thu, 13 Mar 2014 12:52:16 -0400 freetype (2.4.12-0ubuntu1) saucy; urgency=low diff -u freetype-2.4.12/debian/patches-freetype/series freetype-2.4.12/debian/patches-freetype/series --- freetype-2.4.12/debian/patches-freetype/series +++ freetype-2.4.12/debian/patches-freetype/series @@ -4,2 +4,4 @@ git_unitialized_variable.patch +CVE-2014-2240.patch +CVE-2014-2241.patch freetype-entire-infinality-patchset-20130514-01.patch only in patch2: unchanged: --- freetype-2.4.12.orig/debian/patches-freetype/CVE-2014-2241.patch +++ freetype-2.4.12/debian/patches-freetype/CVE-2014-2241.patch 
@@ -0,0 +1,50 @@
+From 135c3faebb96f8f550bd4f318716f2e1e095a969 Mon Sep 17 00:00:00 2001
+From: Dave Arnold
+Date: Fri, 28 Feb 2014 06:42:42 +0000
+Subject: Fix Savannah bug #41697, part 2.
+
+* src/cff/cf2ft.c (cf2_initLocalRegionBuffer,
+cf2_initGlobalRegionBuffer): It is possible for a charstring to call
+a subroutine if no subroutines exist. This is an error but should
+not trigger an assert. Split the assert to account for this.
+---
+Index: freetype-2.4.12/src/cff/cf2ft.c
+===================================================================
+--- freetype-2.4.12.orig/src/cff/cf2ft.c 2014-03-13 12:51:28.229643910 -0400
++++ freetype-2.4.12/src/cff/cf2ft.c 2014-03-13 12:51:28.229643910 -0400
+@@ -497,7 +497,7 @@
+ CF2_UInt idx,
+ CF2_Buffer buf )
+ {
+- FT_ASSERT( decoder && decoder->globals );
++ FT_ASSERT( decoder );
+
+ FT_ZERO( buf );
+
+@@ -505,6 +505,8 @@
+ if ( idx >= decoder->num_globals )
+ return TRUE; /* error */
+
++ FT_ASSERT( decoder->globals );
++
+ buf->start =
+ buf->ptr = decoder->globals[idx];
+ buf->end = decoder->globals[idx + 1];
+@@ -570,7 +572,7 @@
+ CF2_UInt idx,
+ CF2_Buffer buf )
+ {
+- FT_ASSERT( decoder && decoder->locals );
++ FT_ASSERT( decoder );
+
+ FT_ZERO( buf );
+
+@@ -578,6 +580,8 @@
+ if ( idx >= decoder->num_locals )
+ return TRUE; /* error */
+
++ FT_ASSERT( decoder->locals );
++
+ buf->start =
+ buf->ptr = decoder->locals[idx];
+ buf->end = decoder->locals[idx + 1];
only in patch2: unchanged:
--- freetype-2.4.12.orig/debian/patches-freetype/CVE-2014-2240.patch
+++ freetype-2.4.12/debian/patches-freetype/CVE-2014-2240.patch
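Review bot: In CVE-2014-2241.patch, the relocated `FT_ASSERT( decoder->globals )` and `FT_ASSERT( decoder->locals )` are not runtime guards, because FT_ASSERT expands to nothing unless FreeType is built with FT_DEBUG_LEVEL_ERROR. In a release build the only thing between a font-supplied `idx` and the `decoder->globals[idx]` / `decoder->locals[idx]` reads is the preceding `idx >= decoder->num_globals` (resp. `num_locals`) test. That test is sufficient only if the count is 0 whenever the array pointer is NULL, which these hunks do not show. I would record the invariant next to each assert, e.g. `/* num_globals == 0 when globals is NULL; the bounds check above must stay first */`. Both function bodies start and end outside the inner hunks, so the `idx + 1` read for `buf->end` could not be checked against the arrays' allocated length here.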
@@ -0,0 +1,23 @@
+From 0eae6eb0645264c98812f0095e0f5df4541830e6 Mon Sep 17 00:00:00 2001
+From: Dave Arnold
+Date: Fri, 28 Feb 2014 06:40:01 +0000
+Subject: Fix Savannah bug #41697, part 1.
+
+* src/cff/cf2hints.c (cf2_hintmap_build): Return when `hintMask' is
+invalid. In this case, it is not safe to use the length of
+`hStemHintArray'; the exception has already been recorded in
+`hintMask'.
+---
+Index: freetype-2.4.12/src/cff/cf2hints.c
+===================================================================
+--- freetype-2.4.12.orig/src/cff/cf2hints.c 2014-03-13 12:51:16.993643728 -0400
++++ freetype-2.4.12/src/cff/cf2hints.c 2014-03-13 12:51:16.989643728 -0400
+@@ -752,6 +752,8 @@
+ cf2_hintmask_setAll( hintMask,
+ cf2_arrstack_size( hStemHintArray ) +
+ cf2_arrstack_size( vStemHintArray ) );
++ if ( !cf2_hintmask_isValid( hintMask ) )
++ return; /* too many stem hints */
+ }
+
+ /* begin by clearing the map */
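Review bot: In CVE-2014-2240.patch, the new early `return;` in cf2_hintmap_build sits above the `/* begin by clearing the map */` step, so on an invalid `hintMask` the hint map keeps whatever state the caller passed in rather than being emptied. The commit message says the error is already recorded in `hintMask`, but whether every caller checks that before using the map is not visible in this hunk, and the function continues outside it. The comment `/* too many stem hints */` should state the contract, e.g. `/* too many stem hints: error is recorded in hintMask, map is left untouched */`.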