tk8.4 buffer overrun
Bug #151008 reported by
Jamie Strandboge
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
tk8.4 (Ubuntu) | Fix Released | Undecided | Jamie Strandboge | | |
Bug Description
Binary package hint: tk8.4
tk8.4 < 8.4.13 suffers from a buffer overrun. This is upstream Tk bug 1458234.
tk8.4 > 8.4.12 and < 8.4.16 suffers from a different buffer overrun, as introduced in the upstream patch for Tk bug 1458234. This is CVE-2007-5137.
Changed in tk8.4: | |
assignee: | nobody → jamie-strandboge |
status: | New → In Progress |
tk8.4 (8.4.14-0ubuntu2.1) feisty-security; urgency=low
* SECURITY UPDATE: buffer overflow and potential arbitrary code execution
via crafted GIF image
* fix for generic/tkImgGIF.c to properly handle files with smaller later
frames
* References
CVE-2007-5137
LP: #151008
* Modify Maintainer value to match the DebianMaintainerField
specification.
-- Jamie Strandboge <email address hidden> Tue, 9 Oct 2007 13:19:32 -0400