From ${URL} : When a user runs a2ps with malicious crafted pro(a2ps prologue) file, an attacker can execute arbitrary code. The function output_file processes the %Expand command in pro file. The variable `expansion' in the function output_file may hold a malicious input string, which can be used as a format argument of vsprintf. No upstream patch is available at this moment. Original report: http://seclists.org/oss-sec/2015/q4/284 @maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
RH/Fedora has https://bugzilla.redhat.com/show_bug.cgi?id=1283156#c2 to fix CVE-2015-8107. In Gentoo we have https://sources.gentoo.org/cgi-bin/viewvc.cgi/gentoo-x86/app-text/a2ps/files/a2ps-4.14-cleanup.patch?view=log which fixes the same things. No PoC for ACE/RCE, downgraded to B3. GLSA Vote: No Repository is clean.