It looks like there is another publicly disclosed vulnerability in upstream's version 2.4.3. From a Mandriva security alert:
" An error within the "Ins_SHZ()" function in src/truetype/ttinterp.c
when handling the "SHZ" bytecode instruction can be exploited to
cause a crash and potentially execute arbitrary code via a specially
crafted font (CVE-2010-3814)."
Upstream commit at $URL.
Arches, please test and mark stable:
Target keywords : "alpha amd64 arm hppa ia64 m68k ppc ppc64 s390 sh sparc x86"
Stable for HPPA PPC.
GLSA with bug 342121.
Heap-based buffer overflow in the Ins_SHZ function in ttinterp.c in FreeType
2.4.3 and earlier allows remote attackers to execute arbitrary code or cause
a denial of service (application crash) via a crafted SHZ bytecode
instruction, related to TrueType opcodes, as demonstrated by a PDF document
with a crafted embedded font.
This issue was resolved and addressed in
GLSA 201201-09 at http://security.gentoo.org/glsa/glsa-201201-09.xml
by GLSA coordinator Sean Amoss (ackle).