Freetype 2.5.4 suffers from an incomplete fix for the old vunlerability CVE-2014-2240. Also according to the founder of the vulnerability multiple other issues have been found, CVEs have been requested: http://seclists.org/oss-sec/2014/q4/1013 Please bump.
freetype-2.5.4 is now in the tree
Added to existing GLSA request
This issue was resolved and addressed in GLSA 201503-05 at http://security.gentoo.org/glsa/glsa-201503-05.xml by GLSA coordinator Kristian Fiskerstrand (K_F).