--- enscript-1.6.3.CAN-2004-1185/debian/changelog	2005-01-05 11:22:25.000000000 +0100
+++ enscript-1.6.3.CAN-2004-1185/debian/changelog	2005-01-05 13:00:57.000000000 +0100
@@ -6,6 +6,7 @@ enscript (1.6.3-1.2) stable-security; ur
     CAN-2004-1184]
   * Commented out code that will permit EPS files to be provided as
     arbitrary programs to be executed [src/psgen.c, CAN-2004-1185]
+  * Fixed buffer overflows [src/util.c, src/psgen.c, CAN-2004-1186]
 
  --
 
--- enscript-1.6.3.CAN-2004-1185/src/psgen.c	2005-01-05 15:22:40.000000000 +0100
+++ enscript-1.6.3.CAN-2004-1185/src/psgen.c	2005-01-05 15:22:44.000000000 +0100
@@ -2034,8 +2034,9 @@ dump_ps_page_header (char *fname, int em
   else
     {
       ftail++;
-      strncpy (buf, fname, ftail - fname);
-      buf[ftail - fname] = '\0';
+      i = ftail - fname >= sizeof (buf)-1 ? sizeof (buf)-1 : ftail - fname;
+      strncpy (buf, fname, i);
+      buf[i] = '\0';
     }
 
   if (nup > 1)
--- enscript-1.6.3.CAN-2004-1185/src/util.c	2005-01-05 10:43:23.000000000 +0100
+++ enscript-1.6.3.CAN-2004-1185/src/util.c	2005-01-05 15:22:23.000000000 +0100
@@ -2003,7 +2003,8 @@ is_getc (InputStream *is)
 	return EOF;
 
       /* Read more data. */
-      is->data_in_buf = fread (is->buf, 1, sizeof (is->buf), is->fp);
+      memset (is->buf, 0, sizeof (is->buf));
+      is->data_in_buf = fread (is->buf, 1, sizeof (is->buf)-1, is->fp);
       is->bufpos = 0;
       is->nreads++;