======================================================================
4) Description of Vulnerability

Secunia Research has discovered a vulnerability in GNU Enscript, which can be exploited by malicious people to compromise a vulnerable system.

The vulnerability is caused due to a boundary error within the "read_special_escape()" function in src/psgen.c. This can be exploited to cause a stack-based buffer overflow by tricking the user into converting a malicious file.

Successful exploitation allows execution of arbitrary code, but requires that special escapes processing is enabled with the "-e" option.
Setting whiteboard. Upstream (in $URL) looks rather dead, our most recent in-tree version (1.6.4) isn't even on their FTP, but it's here: http://www.codento.com/people/mtr/genscript/ (which does not look too active either). Maybe we can borrow patches from other distributions.
Not sure about B2, could also be B1 as enscript can be used in trac for parsing user-supplied data, if I remember correctly.
Let's go with the SUSE+RedHat patch:
https://bugzilla.redhat.com/attachment.cgi?id=322032
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2008-3863

printing, please apply and bump.
Applied and revbumped, enscript-1.6.4-r4 in the tree. I've also borrowed another Fedora patch to repair emake install.
Arches, please test and mark stable
=app-text/enscript-1.6.4-r4
Target keywords: alpha amd64 hppa ia64 ppc ppc64 sparc x86
Sparc stable, working fine for me.
amd64/x86 stable
alpha/ia64 stable
Stable for HPPA.
ppc64 stable
ppc stable
GLSA 200812-02