diff --git a/.gitattributes b/.gitattributes
index 9b03811..dde05dc 100644
--- a/.gitattributes
+++ b/.gitattributes
@@ -21,3 +21,5 @@
 *.xz filter=lfs diff=lfs merge=lfs -text
 *.zip filter=lfs diff=lfs merge=lfs -text
 *.zst filter=lfs diff=lfs merge=lfs -text
+## Specific LFS patterns
+bnc628213_test.otf filter=lfs diff=lfs merge=lfs -text
diff --git a/bnc628213_1797.diff b/bnc628213_1797.diff
new file mode 100644
index 0000000..920342b
--- /dev/null
+++ b/bnc628213_1797.diff
@@ -0,0 +1,30 @@
+--- freetype-2.4.1/src/cff/cffgload.c.orig	2010-07-15 18:26:45.000000000 +0200
++++ freetype-2.4.1/src/cff/cffgload.c	2010-08-06 16:56:07.736041000 +0200
+@@ -204,7 +204,7 @@
+     2, /* hsbw */
+     0,
+     0,
+-    0,
++    1,
+     5, /* seac */
+     4, /* sbw */
+     2  /* setcurrentpoint */
+@@ -2041,6 +2041,9 @@
+             if ( Rand >= 0x8000L )
+               Rand++;
+ 
++	    if ( args - stack >= CFF_MAX_OPERANDS )
++	      goto Stack_Overflow;
++
+             args[0] = Rand;
+             seed    = FT_MulFix( seed, 0x10000L - seed );
+             if ( seed == 0 )
+@@ -2166,6 +2169,8 @@
+         case cff_op_dup:
+           FT_TRACE4(( " dup\n" ));
+ 
++	  if ( args + 1 - stack >= CFF_MAX_OPERANDS )
++	    goto Stack_Overflow;
+           args[1] = args[0];
+           args += 2;
+           break;
diff --git a/bnc628213_test.otf b/bnc628213_test.otf
new file mode 100644
index 0000000..cb82090
--- /dev/null
+++ b/bnc628213_test.otf
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:291c5cbd0b5d1742ac5637a53fa3be8fb63a6dcbb12423e160bc2724b645636a
+size 40029
diff --git a/bnc629447_sigsegv31.ttf b/bnc629447_sigsegv31.ttf
new file mode 100644
index 0000000..0350d3b
--- /dev/null
+++ b/bnc629447_sigsegv31.ttf
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:62c56fdcdaff6ceba50fed83bcfcbbebe48e447d9c5c7c9341ea2387fee6c9c5
+size 242304
diff --git a/freetype2.changes b/freetype2.changes
index c5854b5..641937d 100644
--- a/freetype2.changes
+++ b/freetype2.changes
@@ -1,3 +1,10 @@
+-------------------------------------------------------------------
+Thu Aug 12 09:43:18 UTC 2010 - jw@novell.com
+
+- bnc#628213: added bnc628213_1797.diff
+- bnc#629447: CVE-2010-2805..8 are already fixed in upstream 2.4.2
+- bnc#619562: CVE-2010-2497,2498,2499,2500,2519,2520 dito.
+
 -------------------------------------------------------------------
 Mon Aug  9 12:48:18 CEST 2010 - tiwai@suse.de
 
diff --git a/freetype2.spec b/freetype2.spec
index a55c8c7..152eb95 100644
--- a/freetype2.spec
+++ b/freetype2.spec
@@ -45,6 +45,9 @@ Patch9:         fix-build.patch
 Patch308961:    bugzilla-308961-cmex-workaround.patch
 Patch200:       freetype2-subpixel.patch
 Patch201:       use_unix.diff 
+
+Patch1000:	bnc628213_1797.diff
+
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 
 %description
@@ -92,6 +95,22 @@ It also contains a small tutorial for using that library.
 %patch200 -p 1 -b .subpixel
 %endif
 %patch201 -p1
+
+# bnc628213_1797.diff
+%patch1000 -p1	
+# bnc629447_CVE-2010-2805..8.diff
+#%patch1001 -p1	
+#%patch1002 -p1	
+#%patch1003 -p1	
+#%patch1004 -p1	
+# bnc619562_CVE-2010-2497..2541.diff
+#%patch1005 -p1
+#%patch1006 -p1
+#%patch1007 -p1
+#%patch1008 -p1
+#%patch1009 -p1
+#%patch1010 -p1
+
 find . -name CVS -type d | xargs rm -rf
 find . -name ".cvsignore" | xargs rm -f
 cp /usr/share/automake*/config.{guess,sub} builds/unix
diff --git a/ft2demos.changes b/ft2demos.changes
index 48269f8..a2109d2 100644
--- a/ft2demos.changes
+++ b/ft2demos.changes
@@ -1,3 +1,11 @@
+-------------------------------------------------------------------
+Thu Aug 12 09:53:12 UTC 2010 - jw@novell.com
+
+- bnc#628213: added bnc628213_1797.diff + regression test
+- bnc#629447: CVE-2010-2805..8 are already fixed in upstream 2.4.2
+- bnc#619562: CVE-2010-2497,2498,2499,2500,2519,2520 dito.
+  added sigsegv31.ttf regression test
+
 -------------------------------------------------------------------
 Mon Aug  9 12:48:18 CEST 2010 - tiwai@suse.de
 
diff --git a/ft2demos.spec b/ft2demos.spec
index 680ebc9..1c9e04d 100644
--- a/ft2demos.spec
+++ b/ft2demos.spec
@@ -43,6 +43,11 @@ Patch308961:    bugzilla-308961-cmex-workaround.patch
 Patch50:        ft2demos-build-testname.patch
 Patch200:       freetype2-subpixel.patch
 Patch201:       use_unix.diff
+
+Patch1000:	bnc628213_1797.diff
+Source1000:	bnc628213_test.otf
+Source1004:	bnc629447_sigsegv31.ttf
+
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 
 %description
@@ -63,6 +68,26 @@ popd
 %patch200 -p 1 -b .subpixel
 %endif
 %patch201 -p1
+
+# bnc628213_1797.diff
+%patch1000 -p1		
+# bnc629447_CVE-2010-2805..8.diff
+#%patch1001 -p1	
+#%patch1002 -p1	
+#%patch1003 -p1	
+#%patch1004 -p1	
+# bnc619562_CVE-2010-2497..2541.diff
+#%patch1005 -p1
+#%patch1006 -p1
+#%patch1007 -p1
+#%patch1008 -p1
+#%patch1009 -p1
+#%patch1010 -p1
+pushd ../ft2demos-%{version}
+#%patch1011 -p1
+#%patch1012 -p1
+popd
+
 find . -name CVS -type d | xargs rm -rf
 find . -name ".cvsignore" | xargs rm -f
 cp /usr/share/automake*/config.{guess,sub} builds/unix
@@ -92,6 +117,10 @@ pushd ../ft2demos-%{version}/bin/.libs
     install -m 755 ft* $RPM_BUILD_ROOT%{_bindir}
 popd
 
+%check
+$RPM_BUILD_ROOT/usr/bin/ftbench -c 1 %{S:1000}
+$RPM_BUILD_ROOT/usr/bin/ftbench -c 1 %{S:1004} |& grep -v "couldn't load font resource" && echo "should fail"
+
 %clean
 
 %files