- add upstream patch to fix CVE-2014-3693 - add patch from opensuse to fix "document as e-mail" vulnerability (bnc#900218)