--------------------------------------------------------------------- Fedora Legacy Test Update Notification FEDORALEGACY-2005-152892 Bugzilla https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=152892 2005-11-14 --------------------------------------------------------------------- Name : enscript Versions : rh73: enscript-1.6.1-19.73.2.legacy Versions : rh9: enscript-1.6.1-24.2.legacy Versions : fc1: enscript-1.6.1-25.1.1.legacy Summary : A plain ASCII to PostScript converter. Description : GNU enscript is a free replacement for Adobe's Enscript program. Enscript converts ASCII files to PostScript(TM) and spools generated PostScript output to the specified printer or saves it to a file. Enscript can be extended to handle different output media and includes many options for customizing printouts. --------------------------------------------------------------------- Update Information: An updated enscript package that fixes several security issues is now available. GNU enscript converts ASCII files to PostScript. Enscript has the ability to interpret special escape sequences. A flaw was found in the handling of the epsf command used to insert inline EPS files into a document. An attacker could create a carefully crafted ASCII file which made use of the epsf pipe command in such a way that it could execute arbitrary commands if the file was opened with enscript by a victim. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-1184 to this issue. Additional flaws in Enscript were also discovered which can only be triggered by executing enscript with carefully crafted command line arguments. These flaws therefore only have a security impact if enscript is executed by other programs and passed untrusted data from remote users. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2004-1185 and CVE-2004-1186 to these issues. All users of enscript should upgrade to these updated packages, which resolve these issues. --------------------------------------------------------------------- Changelogs rh73: * Thu Nov 03 2005 Marc Deslauriers <marcdeslauriers@xxxxxxxxxxxx> 1.6.1-19.73.2.legacy - Added flex to BuildRequires * Mon Feb 14 2005 Dave Botsch <dwb7@xxxxxxxxxxxxxxxx> 1.6.1-19.73.1.legacy - Applied patches to fix CAN-2004-1184, CAN-2004-1185, CAN-2004-1186 - Patches taken from rhas2.1 srpm - see changelog entries below - Bumped version number - Added legacy keyword rh9: * Thu Nov 03 2005 Marc Deslauriers <marcdeslauriers@xxxxxxxxxxxx> 1.6.1-24.2.legacy - Added flex to BuildRequires * Tue Feb 15 2005 Pekka Savola <pekkas@xxxxxxxxxx> 1.6.1-24.1.legacy - Fix CAN-2004-118[456] from RHEL (#2409) fc1: * Thu Nov 03 2005 Marc Deslauriers <marcdeslauriers@xxxxxxxxxxxx> 1.6.1-25.1.1.legacy - Added flex to BuildRequires * Tue Feb 15 2005 Pekka Savola <pekkas@xxxxxxxxxx> 1.6.1-25.1.legacy - Fix CAN-2004-118[456] from RHEL (#2409) --------------------------------------------------------------------- This update can be downloaded from: http://download.fedoralegacy.org/ (sha1sums) rh73: ac29cc61b638a8a4a6e70642a48d4d4e7985a94c redhat/7.3/updates-testing/i386/enscript-1.6.1-19.73.2.legacy.i386.rpm 2cc05a10d33fb0bd13cad08ae622cebbbf94ada6 redhat/7.3/updates-testing/SRPMS/enscript-1.6.1-19.73.2.legacy.src.rpm rh9: 275eecbd654c9cc15b17e65a2c60cff8c5ec6f58 redhat/9/updates-testing/i386/enscript-1.6.1-24.2.legacy.i386.rpm ed838a6c0f4235c789a872e880ddc5aff2d0e457 redhat/9/updates-testing/SRPMS/enscript-1.6.1-24.2.legacy.src.rpm fc1: f1de9a957caa34766434ea5e77ad31d49ee769dd fedora/1/updates-testing/i386/enscript-1.6.1-25.1.1.legacy.i386.rpm f73d7da391cadf7d033dfe21979fb2ae10477fc6 fedora/1/updates-testing/SRPMS/enscript-1.6.1-25.1.1.legacy.src.rpm --------------------------------------------------------------------- Please test and comment in bugzilla.
Attachment:
signature.asc
Description: OpenPGP digital signature
-- fedora-legacy-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-legacy-list
