diff -u -p -Nr --exclude CVS enscript-1.6.3.CAN-2004-1184/debian/changelog enscript-1.6.3.CAN-2004-1185/debian/changelog
--- enscript-1.6.3.CAN-2004-1184/debian/changelog 2005-01-04 21:15:17.000000000 +0100
+++ enscript-1.6.3.CAN-2004-1185/debian/changelog 2005-01-05 11:22:25.000000000 +0100
@@ -4,6 +4,8 @@ enscript (1.6.3-1.2) stable-security; ur
 * Corrected handling of user supplied input (filename, title) when executing shell commands [src/gsint.h, src/main.c, src/util.c, CAN-2004-1184]
+ * Commented out code that will permit EPS files to be provided as
+ arbitrary programs to be executed [src/psgen.c, CAN-2004-1185]
 --
diff -u -p -Nr --exclude CVS enscript-1.6.3.CAN-2004-1184/src/psgen.c enscript-1.6.3.CAN-2004-1185/src/psgen.c
--- enscript-1.6.3.CAN-2004-1184/src/psgen.c 2005-01-04 20:59:56.000000000 +0100
+++ enscript-1.6.3.CAN-2004-1185/src/psgen.c 2005-01-05 15:22:40.000000000 +0100
@@ -2385,9 +2385,10 @@ recognize_eps_file (Token *token)
 MESSAGE (2, (stderr, "^@epsf=\"%s\"\n", token->u.epsf.filename));
 i = strlen (token->u.epsf.filename);
+ /*
 if (i > 0 && token->u.epsf.filename[i - 1] == '|')
 {
- /* Read EPS data from pipe. */
+ / * Read EPS data from pipe. * /
 token->u.epsf.pipe = 1;
 token->u.epsf.filename[i - 1] = '\0';
 token->u.epsf.fp = popen (token->u.epsf.filename, "r");
@@ -2400,6 +2401,7 @@ recognize_eps_file (Token *token)
 }
 }
 else
+ */
 {
 char *filename;
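Review bot: The pipe branch is disabled by wrapping it in `/* ... */` and mangling the nested comment to `/ * Read EPS data from pipe. * /`, which is fragile and leaves the original comment unreadable; the same effect is obtained without touching the inner comment by replacing the added `/*` after `i = strlen (...)` with `#if 0` and the added `*/` after `else` in the second hunk with `#endif`. With the `else` inside the disabled region, the brace block that follows now runs unconditionally, so a filename ending in `|` is silently treated as a literal file name; a comment on the `#if 0` line such as `/* Disabled: a trailing '|' made popen() run the filename as a shell command (CAN-2004-1185). */` would tell the next reader why the dead code is kept, and an explicit diagnostic for that case would be clearer still. `i` is still assigned by `i = strlen (token->u.epsf.filename);` but its only visible use is inside the disabled region, so if it is not read later in recognize_eps_file the assignment should go as well, and because `token->u.epsf.pipe = 1;` can no longer execute, whatever initialises that field must still set it to 0 so any later pipe/file distinction stays correct. recognize_eps_file starts before the first hunk and continues past the second.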