From 80f20ae057688f0765d59a8f77ae7c4cced42576 Mon Sep 17 00:00:00 2001 From: naddy Date: Fri, 11 Feb 2005 21:59:05 +0000 Subject: Document enscript-{a4,letter,letterdj} vulnerabilities. --- security/vuxml/vuln.xml | 31 +++++++++++++++++++++++++++++++ 1 file changed, 31 insertions(+) (limited to 'security') diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index a9a837b996e8..c7441831b6ab 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -32,6 +32,37 @@ EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. --> + + enscript -- multiple vulnerabilities + + + enscript-a4 + enscript-letter + enscript-letterdj + 1.6.4_1 + + + + +

Erik Sjölund discovered several issues in enscript: + it suffers from several buffer overflows, quotes and shell + escape characters are insufficiently sanitized in filenames, + and it supported taking input from an arbitrary command + pipe, with unwanted side effects.

+ + + + CAN-2004-1184 + CAN-2004-1185 + CAN-2004-1186 + http://www.gentoo.org/security/en/glsa/glsa-200502-03.xml + + + 2005-02-02 + 2005-02-11 + + + postgresql -- privilege escalation vulnerability -- cgit