freetype bugs

Since we were just talking about font parsing bugs: four more integer overflows in FreeType. Note the reporter (mentioned in the changelogs). Also note, consistent with what ajaxxx had remarked, that the exploits against FreeType historically have not been against the bytecode but simpler parts like the metrics.