CVE-2010-2642, CVE-2011-0433 and CVE-2011-5244

CVE-2010-2642:
==============
Upstream-Bug: https://bugzilla.gnome.org/show_bug.cgi?id=643882
Upstream-Fix: https://git.gnome.org/browse/evince/commit/?id=efadec4ffcdde3373f6f4ca0eaac98dc963c4fd5


CVE-2011-0433:
==============
Upstream-Bug: https://bugzilla.gnome.org/show_bug.cgi?id=640923
Upstream-Fix: https://git.gnome.org/browse/evince/commit/?id=439c5070022eab6cef7266aab47f978058012c72


CVE-2011-5244:
==============
Upstream-Bug: https://bugzilla.gnome.org/show_bug.cgi?id=643882
Upstream-Fix: https://git.gnome.org/browse/evince/commit/?id=efadec4ffcdde3373f6f4ca0eaac98dc963c4fd5


Origin: https://bugs.debian.org/652996

diff --git a/lib/t1lib/parseAFM.c b/lib/t1lib/parseAFM.c
index 6a31d7f..ba64541 100644
--- a/lib/t1lib/parseAFM.c
+++ b/lib/t1lib/parseAFM.c
@@ -199,7 +199,9 @@ static char *token(stream)
     idx = 0;
     
     while (ch != EOF && ch != ' ' && ch != CR  && ch != LF &&
-	   ch != CTRL_Z && ch != '\t' && ch != ':' && ch != ';'){
+	   ch != CTRL_Z && ch != '\t' && ch != ':' && ch != ';'
+     && idx < (MAX_NAME -1))
+    {
       ident[idx++] = ch;
       ch = fgetc(stream);
     } /* while */
@@ -235,7 +237,7 @@ static char *linetoken(stream)
     while ((ch = fgetc(stream)) == ' ' || ch == '\t' ); 
     
     idx = 0;
-    while (ch != EOF && ch != CR  && ch != LF && ch != CTRL_Z) 
+    while (ch != EOF && ch != CR  && ch != LF && ch != CTRL_Z && idx < (MAX_NAME - 1)) 
     {
         ident[idx++] = ch;
         ch = fgetc(stream);