* SECURITY UPDATE: uninitialized memory reads (LP: #1449225) - debian/patches-freetype/savannah-bug-41309.patch: fix use of uninitialized data in src/cid/cidload.c, src/psaux/psobjs.c, src/type1/t1load.c, src/type42/t42parse.c. - No CVE number * SECURITY UPDATE: denial of service via infinite loop in parse_encode (LP: #1492124) - debian/patches-freetype/savannah-bug-41590.patch: protect against invalid charcode in src/type1/t1load.c. - No CVE number