Fedora Legacy Test Update Notification: enscript

Marc Deslauriers marcdeslauriers at videotron.ca
Tue Nov 15 05:05:40 UTC 2005


---------------------------------------------------------------------
Fedora Legacy Test Update Notification
FEDORALEGACY-2005-152892
Bugzilla https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=152892
2005-11-14
---------------------------------------------------------------------

Name        : enscript
Versions    : rh73: enscript-1.6.1-19.73.2.legacy
Versions    : rh9: enscript-1.6.1-24.2.legacy
Versions    : fc1: enscript-1.6.1-25.1.1.legacy
Summary     : A plain ASCII to PostScript converter.
Description :
GNU enscript is a free replacement for Adobe's Enscript
program. Enscript converts ASCII files to PostScript(TM) and spools
generated PostScript output to the specified printer or saves it to a
file. Enscript can be extended to handle different output media and
includes many options for customizing printouts.

---------------------------------------------------------------------
Update Information:

An updated enscript package that fixes several security issues is now
available.

GNU enscript converts ASCII files to PostScript.

Enscript has the ability to interpret special escape sequences. A flaw
was found in the handling of the epsf command used to insert inline EPS
files into a document. An attacker could create a carefully crafted
ASCII file that uses the epsf pipe command to execute arbitrary
commands when a victim opens the file with enscript. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the
name CVE-2004-1184 to this issue.

Additional flaws in Enscript were also discovered which can only be
triggered by executing enscript with carefully crafted command line
arguments. These flaws therefore only have a security impact if enscript
is executed by other programs and passed untrusted data from remote
users. The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the names CVE-2004-1185 and CVE-2004-1186 to these issues.

All users of enscript should upgrade to these updated packages, which
resolve these issues.

---------------------------------------------------------------------
Changelogs

rh73:
* Thu Nov 03 2005 Marc Deslauriers <marcdeslauriers at videotron.ca>
1.6.1-19.73.2.legacy
- Added flex to BuildRequires

* Mon Feb 14 2005 Dave Botsch <dwb7 at ccmr.cornell.edu> 1.6.1-19.73.1.legacy
- Applied patches to fix CAN-2004-1184, CAN-2004-1185, CAN-2004-1186
- Patches taken from rhas2.1 srpm - see changelog entries below
- Bumped version number
- Added legacy keyword

rh9:
* Thu Nov 03 2005 Marc Deslauriers <marcdeslauriers at videotron.ca>
1.6.1-24.2.legacy
- Added flex to BuildRequires

* Tue Feb 15 2005 Pekka Savola <pekkas at netcore.fi> 1.6.1-24.1.legacy
- Fix CAN-2004-118[456] from RHEL (#2409)

fc1:
* Thu Nov 03 2005 Marc Deslauriers <marcdeslauriers at videotron.ca>
1.6.1-25.1.1.legacy
- Added flex to BuildRequires

* Tue Feb 15 2005 Pekka Savola <pekkas at netcore.fi> 1.6.1-25.1.legacy
- Fix CAN-2004-118[456] from RHEL (#2409)

---------------------------------------------------------------------
This update can be downloaded from:
  http://download.fedoralegacy.org/
(sha1sums)

rh73:
ac29cc61b638a8a4a6e70642a48d4d4e7985a94c
redhat/7.3/updates-testing/i386/enscript-1.6.1-19.73.2.legacy.i386.rpm
2cc05a10d33fb0bd13cad08ae622cebbbf94ada6
redhat/7.3/updates-testing/SRPMS/enscript-1.6.1-19.73.2.legacy.src.rpm

rh9:
275eecbd654c9cc15b17e65a2c60cff8c5ec6f58
redhat/9/updates-testing/i386/enscript-1.6.1-24.2.legacy.i386.rpm
ed838a6c0f4235c789a872e880ddc5aff2d0e457
redhat/9/updates-testing/SRPMS/enscript-1.6.1-24.2.legacy.src.rpm

fc1:
f1de9a957caa34766434ea5e77ad31d49ee769dd
fedora/1/updates-testing/i386/enscript-1.6.1-25.1.1.legacy.i386.rpm
f73d7da391cadf7d033dfe21979fb2ae10477fc6
fedora/1/updates-testing/SRPMS/enscript-1.6.1-25.1.1.legacy.src.rpm

---------------------------------------------------------------------

Please test and comment in bugzilla.
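
The epsf pipe escape described under Update Information can be screened for before untrusted text reaches enscript. The following pre-filter is an added example, not part of the original notification or of the enscript packages; the escape syntax it matches is an assumption taken from the enscript(1) manual, and the sample inputs are constructed.

```python
import re

# Assumptions taken from the enscript(1) manual, not from this notification:
#  - special escapes are only interpreted when enscript runs with -e/--escapes
#  - the escape character defaults to NUL and can be changed with -e<char>
#  - epsf[options]{name} treats a name ending in '|' as a command to run


def find_epsf_escapes(data: bytes, escape: bytes = b"\x00"):
    """Return (offset, target, is_pipe) for every epsf escape in data."""
    pattern = re.compile(
        re.escape(escape) + rb"epsf(?:\[[^\]]*\])?\{([^}]*)\}"
    )
    hits = []
    for m in pattern.finditer(data):
        target = m.group(1).decode("latin-1")
        # Trailing blanks are ignored so the check errs towards flagging.
        hits.append((m.start(), target, target.rstrip().endswith("|")))
    return hits


def has_epsf_pipe(data: bytes, escape: bytes = b"\x00") -> bool:
    """True if any epsf escape in data uses the pipe form."""
    return any(is_pipe for _, _, is_pipe in find_epsf_escapes(data, escape))


# Constructed sample inputs (not real files).
PLAIN = b"notes about the epsf feature\n"
INLINE_FILE = b"Report\n\x00epsf[c]{logo.eps}\nbody\n"
PIPE_FORM = b"Header\n\x00epsf{placeholder-command |}\nbody\n"

if __name__ == "__main__":
    samples = [("plain", PLAIN), ("file", INLINE_FILE), ("pipe", PIPE_FORM)]
    for name, sample in samples:
        verdict = "REJECT" if has_epsf_pipe(sample) else "ok"
        print(name, verdict, find_epsf_escapes(sample))
```

A filter like this only supplements the updated packages; a program that feeds remote data to enscript should also avoid enabling escape interpretation for that data.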