View | Details | Raw Unified | Return to bug 77408 | Differences between
and this patch


(-)enscript-1.6.3.CAN-2004-1185/debian/changelog (+1 lines)
Lines 6-11 enscript (1.6.3-1.2) stable-security; ur Link Here
6
    CAN-2004-1184]
6
    CAN-2004-1184]
7
  * Commented out code that will permit EPS files to be provided as
7
  * Commented out code that will permit EPS files to be provided as
8
    arbitrary programs to be executed [src/psgen.c, CAN-2004-1185]
8
    arbitrary programs to be executed [src/psgen.c, CAN-2004-1185]
9
  * Fixed buffer overflows [src/util.c, src/psgen.c, CAN-2004-1186]
9
10
10
 --
11
 --
11
12
(-)enscript-1.6.3.CAN-2004-1185/src/psgen.c (-2 / +3 lines)
Lines 2034-2041 dump_ps_page_header (char *fname, int em Link Here
2034
  else
2034
  else
2035
    {
2035
    {
2036
      ftail++;
2036
      ftail++;
2037
      strncpy (buf, fname, ftail - fname);
2037
      i = ftail - fname >= sizeof (buf)-1 ? sizeof (buf)-1 : ftail - fname;
2038
      buf[ftail - fname] = '\0';
2038
      strncpy (buf, fname, i);
2039
      buf[i] = '\0';
2039
    }
2040
    }
2040
2041
2041
  if (nup > 1)
2042
  if (nup > 1)
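Review bot: the clamp on new line 2037 silently truncates the copied prefix of fname when ftail - fname does not fit in buf, and nothing in the hunk reports it, so whatever uses buf afterwards gets a shortened string without knowing. Consider treating the over-long case as an error, or at least emitting a warning, instead of continuing. Two smaller points on the same line: the expression compares a pointer difference (signed) against sizeof (buf)-1 (unsigned) and stores the result in i, whose declaration is not visible here, so a size_t local would keep the types consistent; and sizeof (buf) only gives the capacity if buf is an array in this scope, which is worth confirming since its declaration is also outside the hunk.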
(-)enscript-1.6.3.CAN-2004-1185/src/util.c (-1 / +2 lines)
Lines 2003-2009 is_getc (InputStream *is) Link Here
2003
	return EOF;
2003
	return EOF;
2004
2004
2005
      /* Read more data. */
2005
      /* Read more data. */
2006
      is->data_in_buf = fread (is->buf, 1, sizeof (is->buf), is->fp);
2006
      memset (is->buf, 0, sizeof (is->buf));
2007
      is->data_in_buf = fread (is->buf, 1, sizeof (is->buf)-1, is->fp);
2007
      is->bufpos = 0;
2008
      is->bufpos = 0;
2008
      is->nreads++;
2009
      is->nreads++;
2009
2010
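Review bot: the added memset and the sizeof (is->buf)-1 read size on new lines 2006-2007 have no comment saying why the last byte of the buffer is reserved. Together they guarantee a NUL after the data that was read, which implies some consumer treats is->buf as a C string or reads past data_in_buf, but that consumer is not in this hunk; a short comment naming it would help, and the consumer's own bound is worth checking as well. If the terminator is all that is needed, is->buf[is->data_in_buf] = '\0' after the fread would give the same guarantee without clearing the whole buffer on every refill.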
