Summary: | app-text/enscript <1.6.4-r4: read_special_escape() buffer overflow (CVE-2008-{3863,4306}) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Paweł Hajdan, Jr. (RETIRED) <phajdan.jr> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | fmccor, printing |
Priority: | High | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://secunia.com/secunia_research/2008-41/ | ||
Whiteboard: | B1/2 [glsa] | ||
Package list: | Runtime testing required: | --- |
Description
Paweł Hajdan, Jr. (RETIRED)
2008-10-22 15:49:38 UTC
Setting whiteboard. Upstream (in $URL) looks rather dead, our most recent in-tree version (1.6.4) isn't even on their FTP, but it's here: http://www.codento.com/people/mtr/genscript/ (which does not look too active either). Maybe we can borrow patches from other distributions. Not sure about B2, could also be B1 as enscript can be used in trac for parsing user-supplied data, if i remember correctly. Let's go with the SUSE+RedHat patch: https://bugzilla.redhat.com/attachment.cgi?id=322032 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2008-3863 printing, please apply and bump. Applied and revbumped, enscript-1.6.4-r4 in the tree. I've also borrowed another Fedora patch to repair emake install. Arches, please test and mark stable =app-text/enscript-1.6.4-r4 Target keywords: alpha amd64 hppa ia64 ppc ppc64 sparc x86 Sparc stable, working fine for me. amd64/x86 stable alpha/ia64 stable Stable for HPPA. ppc64 stable ppc stable GLSA 200812-02 |