- fontforge (1:20201107~dfsg-4+rpi1) bullseye-staging; urgency=medium
++fontforge (1:20201107~dfsg-4+rpi1+deb11u1) bullseye-staging; urgency=medium
+
+ [changes brought forward from 1:20190801~dfsg-4+rpi1 by Peter Michael Green <plugwash@raspbian.org> at Wed, 01 Apr 2020 17:53:42 +0000]
+ * Disable call to SplineFontFree in _MergeFont to work around use after
+ free bug (see debian bug 948876).
+ * Fix clean target.
+
- -- Raspbian forward porter <root@raspbian.org> Fri, 22 Jan 2021 05:12:58 +0000
++ -- Raspbian forward porter <root@raspbian.org> Thu, 04 Apr 2024 17:19:06 +0000
++
+ fontforge (1:20201107~dfsg-4+deb11u1) bullseye-security; urgency=medium
+
+ * Non-maintainer upload.
+ * CVE-2024-25081: Spline Font command injection via crafted filenames
+ * CVE-2024-25082: Spline Font command injection via crafted archives
+ or compressed files
+ * Closes: #1064967
+
+ -- Adrian Bunk <bunk@debian.org> Fri, 15 Mar 2024 22:56:38 +0200
fontforge (1:20201107~dfsg-4) unstable; urgency=medium
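Review bot: the bullseye-security entry lists CVE-2024-25081 and CVE-2024-25082 without naming the patch that fixes them. Citing 0001-fix-splinefont-shell-command-injection-5367.patch in that entry would let someone auditing the upload map the CVEs to the change. Separately, the carried-forward item "Disable call to SplineFontFree in _MergeFont" is described as a workaround and was brought forward from 1:20190801~dfsg-4+rpi1. Now that it is re-applied on 1:20201107, the entry should say whether debian bug 948876 is still unresolved in this upstream version, so the hack is not kept longer than needed.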
0005-hurd-rename-extended-to-avoid-conflict-with-gnumach-dev.patch
2003_avoid_privacy_breach.patch
2004-fix-privacy-breach-logo.patch
+ 0001-fix-splinefont-shell-command-injection-5367.patch
+4000-use-after-free-hack.patch
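Review bot: 4000-use-after-free-hack.patch is appended after the new 0001-fix-splinefont-shell-command-injection-5367.patch, so the local hack now applies on top of the security fix. Please confirm the two patches do not touch overlapping code and that the hack still applies without fuzz. As a style point, the 0001 prefix sits after the 2003 and 2004 entries, so the numbering no longer reflects apply order. A comment in the series file marking that line as the CVE-2024-25081 / CVE-2024-25082 fix would make the ordering intentional rather than surprising.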