Subject: pkg/29721: enscript has had security vulnerability for weeks
To: None <pkg-manager@netbsd.org, gnats-admin@netbsd.org,>
From: John Kohl <jtk@kolvir.arlington.ma.us>
List: pkgsrc-bugs
Date: 03/17/2005 01:44:00
>Number: 29721
>Category: pkg
>Synopsis: enscript has had security vulnerability for weeks
>Confidential: no
>Severity: serious
>Priority: high
>Responsible: pkg-manager
>State: open
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Thu Mar 17 01:44:00 +0000 2005
>Originator: John Kohl
>Release: NetBSD 2.0
>Organization:
NetBSD Kernel Hackers `R` Us
>Environment:
System: NetBSD desktop.john.kohl.name 2.0 NetBSD 2.0 (KOLVIR-$Revision: 1.57 $) #1: Mon Feb 21 13:58:26 EST 2005 jtk@kolvir.arlington.ma.us:/usr/users/jtk/sandbox/src/sys/arch/i386/compile/KOLVIR i386
Architecture: i386
Machine: i386
>Description:
Package enscript-1.6.1nb2 has a remote-code-execution vulnerability, see http://www.securityfocus.org/advisories/7879
No updates to this package in the ~month since this advisory
showed up.
>How-To-Repeat:
try to build enscript. Latest pkgsrc/print/enscript/Makefile
is: # $NetBSD: Makefile,v 1.26 2004/05/28 00:54:50 lukem Exp $
and generates enscript-1.6.1nb2.
>Fix:
>Unformatted: