Moritz Muehlenhoff
2008-Nov-19 22:29 UTC
[Secure-testing-team] Bug#506261: enscript: Buffer overflows
Package: enscript
Version: 1.6.4-12
Severity: grave
Tags: security
Justification: user security hole

Hi,
buffer overflows have been discovered in enscript:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3863
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4306

I'm attaching a patch by Werner Fink of SuSE covering these issues.

Cheers,
Moritz

-- System Information:
Debian Release: lenny/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)

Kernel: Linux 2.6.26-1-686 (SMP w/1 CPU core)
Locale: LANG=C, LC_CTYPE=de_DE.ISO-8859-15@euro (charmap=ISO-8859-15)
Shell: /bin/sh linked to /bin/bash

Versions of packages enscript depends on:
ii  libc6                     2.7-15           GNU C Library: Shared libraries
ii  libpaper1                 1.1.23+nmu1      library for handling paper charact

enscript recommends no packages.

Versions of packages enscript suggests:
ii  ghostscript [postscript-  8.62.dfsg.1-3.1  The GPL Ghostscript PostScript/PDF
ii  lpr                       1:2008.05.17     BSD lpr/lpd line printer spooling

-- no debconf information

-------------- next part --------------
A non-text attachment was scrubbed...
Name: enscript-security.patch
Type: text/x-c
Size: 2799 bytes
Desc: not available
Url : http://lists.alioth.debian.org/pipermail/secure-testing-team/attachments/20081119/e2567e08/attachment.bin