tk8.4 buffer overrun

Bug #151008 reported by Jamie Strandboge
Affects | Status | Importance | Assigned to | Milestone
tk8.4 (Ubuntu) | Fix Released | Undecided | Jamie Strandboge |

Bug Description

Binary package hint: tk8.4

tk8.4 < 8.4.13 suffers from a buffer overrun. This is upstream Tk bug 1458234.

tk8.4 > 8.4.12 and < 8.4.16 suffers from a different buffer overrun, as introduced in the upstream patch for Tk bug 1458234. This is CVE-2007-5137.

Changed in tk8.4:
assignee: nobody → jamie-strandboge
status: New → In Progress
Jamie Strandboge (jdstrand) wrote :

tk8.4 (8.4.14-0ubuntu2.1) feisty-security; urgency=low

  * SECURITY UPDATE: buffer overflow and potential arbitrary code execution
    via crafted GIF image
  * fix for generic/tkImgGIF.c to properly handle files with smaller later
    frames
  * References
    CVE-2007-5137
    LP: #151008
  * Modify Maintainer value to match the DebianMaintainerField
    specification.

 -- Jamie Strandboge <email address hidden> Tue, 9 Oct 2007 13:19:32 -0400

Changed in tk8.4:
status: In Progress → Fix Released
Jamie Strandboge (jdstrand) wrote :

For Tk 8.4.12 and lower, this is CVE-2007-5378

Jamie Strandboge (jdstrand) wrote :

tk8.4 (8.4.15-1ubuntu1) gutsy; urgency=low

  * SECURITY UPDATE: buffer overflow and potential arbitrary code execution
    via crafted GIF image
  * fix for generic/tkImgGIF.c to properly handle files with smaller later
    frames
  * References
    CVE-2007-5137
    LP: #151008
  * Modify Maintainer value to match the DebianMaintainerField
    specification.

 -- Jamie Strandboge <email address hidden> Tue, 09 Oct 2007 17:21:10 +0000
