I have been taking a closer look at the various security patches Debian applies to GNU Enscript this morning - I believe there may be similar problems lurking in other parts of the codebase, so my plan is to fix these myself this week. This avoids various inconvenient questions about copyright assignment. For the shorter patches this isn't a problem, of course - and there's generally more than one way to fix buffer overflows anyway. There's one longer patch where shell escapes are prevented - that might need more study.