* SECURITY UPDATE: denial of service and possible code execution in CFF rasterizer - debian/patches/CVE-2014-2240.patch: validate hintMask in src/cff/cf2hints.c. - CVE-2014-2240 * SECURITY UPDATE: denial of service in CFF rasterizer - debian/patches/CVE-2014-2241.patch: don't trigger asserts in src/cff/cf2ft.c. - CVE-2014-2241