what about maintainers of "freeworld" packages (in that case freetype-freeworld) watching Fedora build of the package they override? it's a joke that there is no update in "updates-testing" repos users having the "freeworld" package installed don#t benefit in *any* way from the Fedora security update because it never get loaded ________________________________________________ Feb 17 17:23:15 Updated: freetype-2.5.0-9.fc20.x86_64 * Di Feb 17 2015 Marek Kasik <mkasik(a)redhat.com&gt; - 2.5.0-9 - Fixes CVE-2014-9656 - Check `p' before `num_glyphs'. - Fixes CVE-2014-9657 - Check minimum size of `record_size'. - Fixes CVE-2014-9658 - Use correct value for minimum table length test. - Fixes CVE-2014-9675 - New macro that checks one character more than `strncmp'. - Fixes CVE-2014-9660 - Check `_BDF_GLYPH_BITS'. - Fixes CVE-2014-9661 - Initialize `face->ttf_size'. - Always set `face->ttf_size' directly. - Exclusively use the `truetype' font driver for loading the font contained in the `sfnts' array. - Fixes CVE-2014-9662 - Handle return values of point allocation routines. - Fixes CVE-2014-9663 - Fix order of validity tests. - Fixes CVE-2014-9664 - Add another boundary testing. - Fix boundary testing. - Fixes CVE-2014-9666 - Protect against addition and multiplication overflow. - Fixes CVE-2014-9667 - Protect against addition overflow. - Fixes CVE-2014-9669 - Protect against overflow in additions and multiplications. - Fixes CVE-2014-9670 - Add sanity checks for row and column values. - Fixes CVE-2014-9671 - Check `size' and `offset' values. - Fixes CVE-2014-9672 - Prevent a buffer overrun caused by a font including too many (> 63) strings to store names[] table. - Fixes CVE-2014-9673 - Fix integer overflow by a broken POST table in resource-fork. - Fixes CVE-2014-9674 - Fix integer overflow by a broken POST table in resource-fork. - Additional overflow check in the summation of POST fragment lengths. - Resolves: #1191099, #1191191, #1191193