diff --git a/.gitattributes b/.gitattributes
index 9b03811..dde05dc 100644
--- a/.gitattributes
+++ b/.gitattributes
@@ -21,3 +21,5 @@
 *.xz filter=lfs diff=lfs merge=lfs -text
 *.zip filter=lfs diff=lfs merge=lfs -text
 *.zst filter=lfs diff=lfs merge=lfs -text
+## Specific LFS patterns
+bnc628213_test.otf filter=lfs diff=lfs merge=lfs -text
diff --git a/bnc628213_1797.diff b/bnc628213_1797.diff
new file mode 100644
index 0000000..920342b
--- /dev/null
+++ b/bnc628213_1797.diff
@@ -0,0 +1,30 @@
+--- freetype-2.4.1/src/cff/cffgload.c.orig	2010-07-15 18:26:45.000000000 +0200
++++ freetype-2.4.1/src/cff/cffgload.c	2010-08-06 16:56:07.736041000 +0200
+@@ -204,7 +204,7 @@
+     2, /* hsbw */
+     0,
+     0,
+-    0,
++    1,
+     5, /* seac */
+     4, /* sbw */
+     2  /* setcurrentpoint */
+@@ -2041,6 +2041,9 @@
+             if ( Rand >= 0x8000L )
+               Rand++;
+ 
++	    if ( args - stack >= CFF_MAX_OPERANDS )
++	      goto Stack_Overflow;
++
+             args[0] = Rand;
+             seed    = FT_MulFix( seed, 0x10000L - seed );
+             if ( seed == 0 )
+@@ -2166,6 +2169,8 @@
+         case cff_op_dup:
+           FT_TRACE4(( " dup\n" ));
+ 
++	  if ( args + 1 - stack >= CFF_MAX_OPERANDS )
++	    goto Stack_Overflow;
+           args[1] = args[0];
+           args += 2;
+           break;
diff --git a/bnc628213_test.otf b/bnc628213_test.otf
new file mode 100644
index 0000000..cb82090
--- /dev/null
+++ b/bnc628213_test.otf
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:291c5cbd0b5d1742ac5637a53fa3be8fb63a6dcbb12423e160bc2724b645636a
+size 40029
diff --git a/bnc629447_sigsegv31.ttf b/bnc629447_sigsegv31.ttf
new file mode 100644
index 0000000..0350d3b
--- /dev/null
+++ b/bnc629447_sigsegv31.ttf
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:62c56fdcdaff6ceba50fed83bcfcbbebe48e447d9c5c7c9341ea2387fee6c9c5
+size 242304
diff --git a/freetype-2.4.1.tar.bz2 b/freetype-2.4.1.tar.bz2
deleted file mode 100644
index aa8a4f0..0000000
--- a/freetype-2.4.1.tar.bz2
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:45c954e96f52737c0cc62e9a538a4df850c7d1dd73fb25ffe131ae7cb899be3e
-size 1432560
diff --git a/freetype-2.4.2.tar.bz2 b/freetype-2.4.2.tar.bz2
new file mode 100644
index 0000000..59d43ac
--- /dev/null
+++ b/freetype-2.4.2.tar.bz2
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:9a987aef8c50d9bcfdfdc9f012f8bd0de6095cc1a5524e62c1a037deb8dacbfe
+size 1433843
diff --git a/freetype-doc-2.4.1.tar.bz2 b/freetype-doc-2.4.1.tar.bz2
deleted file mode 100644
index dd73b51..0000000
--- a/freetype-doc-2.4.1.tar.bz2
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:7c65e143f81a419c80812b4caf71d5b56b9e15c7dfa08ef4261dff89e67bc7ef
-size 104273
diff --git a/freetype-doc-2.4.2.tar.bz2 b/freetype-doc-2.4.2.tar.bz2
new file mode 100644
index 0000000..f06bb7d
--- /dev/null
+++ b/freetype-doc-2.4.2.tar.bz2
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:6d40093c0bbb6f182120524f36a3099e925a87458ecca38c71dc447325191774
+size 104322
diff --git a/freetype2.changes b/freetype2.changes
index 6331fc9..641937d 100644
--- a/freetype2.changes
+++ b/freetype2.changes
@@ -1,3 +1,18 @@
+-------------------------------------------------------------------
+Thu Aug 12 09:43:18 UTC 2010 - jw@novell.com
+
+- bnc#628213: added bnc628213_1797.diff
+- bnc#629447: CVE-2010-2805..8 are already fixed in upstream 2.4.2
+- bnc#619562: CVE-2010-2497,2498,2499,2500,2519,2520 dito.
+
+-------------------------------------------------------------------
+Mon Aug  9 12:48:18 CEST 2010 - tiwai@suse.de
+
+- updated to version 2.4.2:
+  Another serious bug in the CFF font module has been found,
+  together with more exploitable vulnerabilities in the T42 font
+  driver. 
+
 -------------------------------------------------------------------
 Tue Jul 20 17:50:44 CEST 2010 - tiwai@suse.de
 
diff --git a/freetype2.spec b/freetype2.spec
index 28ce319..7fb3337 100644
--- a/freetype2.spec
+++ b/freetype2.spec
@@ -1,5 +1,5 @@
 #
-# spec file for package freetype2 (Version 2.4.1)
+# spec file for package freetype2 (Version 2.4.2)
 #
 # Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany.
 #
@@ -28,7 +28,7 @@ AutoReqProv:    on
 Obsoletes:      freetype2-64bit
 %endif
 #
-Version:        2.4.1
+Version:        2.4.2
 Release:        1
 Url:            http://www.freetype.org
 Summary:        A TrueType Font Library
@@ -45,6 +45,9 @@ Patch9:         fix-build.patch
 Patch308961:    bugzilla-308961-cmex-workaround.patch
 Patch200:       freetype2-subpixel.patch
 Patch201:       use_unix.diff 
+
+Patch1000:      bnc628213_1797.diff
+
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 
 %description
@@ -92,6 +95,22 @@ It also contains a small tutorial for using that library.
 %patch200 -p 1 -b .subpixel
 %endif
 %patch201 -p1
+
+# bnc628213_1797.diff
+%patch1000 -p1	
+# bnc629447_CVE-2010-2805..8.diff
+#%patch1001 -p1	
+#%patch1002 -p1	
+#%patch1003 -p1	
+#%patch1004 -p1	
+# bnc619562_CVE-2010-2497..2541.diff
+#%patch1005 -p1
+#%patch1006 -p1
+#%patch1007 -p1
+#%patch1008 -p1
+#%patch1009 -p1
+#%patch1010 -p1
+
 find . -name CVS -type d | xargs rm -rf
 find . -name ".cvsignore" | xargs rm -f
 cp /usr/share/automake*/config.{guess,sub} builds/unix
diff --git a/ft2demos-2.4.1.tar.bz2 b/ft2demos-2.4.1.tar.bz2
deleted file mode 100644
index d3eb19e..0000000
--- a/ft2demos-2.4.1.tar.bz2
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:f4820605e177d2807af2ba05a436452749890f1d955629e817eb8a0cc30571ed
-size 161184
diff --git a/ft2demos-2.4.2.tar.bz2 b/ft2demos-2.4.2.tar.bz2
new file mode 100644
index 0000000..0df61a8
--- /dev/null
+++ b/ft2demos-2.4.2.tar.bz2
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:95453d269d338fc93b74a6cbc5f4a3ec55a008d14478b15c8ff13cf388ece3fc
+size 161201
diff --git a/ft2demos.changes b/ft2demos.changes
index 19be1c4..a2109d2 100644
--- a/ft2demos.changes
+++ b/ft2demos.changes
@@ -1,3 +1,19 @@
+-------------------------------------------------------------------
+Thu Aug 12 09:53:12 UTC 2010 - jw@novell.com
+
+- bnc#628213: added bnc628213_1797.diff + regression test
+- bnc#629447: CVE-2010-2805..8 are already fixed in upstream 2.4.2
+- bnc#619562: CVE-2010-2497,2498,2499,2500,2519,2520 dito.
+  added sigsegv31.ttf regression test
+
+-------------------------------------------------------------------
+Mon Aug  9 12:48:18 CEST 2010 - tiwai@suse.de
+
+- updated to version 2.4.2:
+  Another serious bug in the CFF font module has been found,
+  together with more exploitable vulnerabilities in the T42 font
+  driver.
+
 -------------------------------------------------------------------
 Tue Jul 20 17:50:44 CEST 2010 - tiwai@suse.de
 
diff --git a/ft2demos.spec b/ft2demos.spec
index 84dcc87..a47f6ce 100644
--- a/ft2demos.spec
+++ b/ft2demos.spec
@@ -1,5 +1,5 @@
 #
-# spec file for package ft2demos (Version 2.4.1)
+# spec file for package ft2demos (Version 2.4.2)
 #
 # Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany.
 #
@@ -24,7 +24,7 @@ License:        GPLv2+
 Group:          Productivity/Publishing/Other
 AutoReqProv:    on
 Supplements:    fonts-config
-Version:        2.4.1
+Version:        2.4.2
 Release:        1
 %define freetype_version %{version}
 Url:            http://www.freetype.org
@@ -43,6 +43,11 @@ Patch308961:    bugzilla-308961-cmex-workaround.patch
 Patch50:        ft2demos-build-testname.patch
 Patch200:       freetype2-subpixel.patch
 Patch201:       use_unix.diff
+
+Patch1000:      bnc628213_1797.diff
+Source1000:     bnc628213_test.otf
+Source1004:     bnc629447_sigsegv31.ttf
+
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 
 %description
@@ -63,6 +68,26 @@ popd
 %patch200 -p 1 -b .subpixel
 %endif
 %patch201 -p1
+
+# bnc628213_1797.diff
+%patch1000 -p1		
+# bnc629447_CVE-2010-2805..8.diff
+#%patch1001 -p1	
+#%patch1002 -p1	
+#%patch1003 -p1	
+#%patch1004 -p1	
+# bnc619562_CVE-2010-2497..2541.diff
+#%patch1005 -p1
+#%patch1006 -p1
+#%patch1007 -p1
+#%patch1008 -p1
+#%patch1009 -p1
+#%patch1010 -p1
+pushd ../ft2demos-%{version}
+#%patch1011 -p1
+#%patch1012 -p1
+popd
+
 find . -name CVS -type d | xargs rm -rf
 find . -name ".cvsignore" | xargs rm -f
 cp /usr/share/automake*/config.{guess,sub} builds/unix
@@ -92,6 +117,10 @@ pushd ../ft2demos-%{version}/bin/.libs
     install -m 755 ft* $RPM_BUILD_ROOT%{_bindir}
 popd
 
+%check
+$RPM_BUILD_ROOT/usr/bin/ftbench -c 1 %{S:1000}
+$RPM_BUILD_ROOT/usr/bin/ftbench -c 1 %{S:1004} |& grep -v "couldn't load font resource" && echo "should fail"
+
 %clean
 
 %files