tk8.4 buffer overrun

Bug #151008 reported by Jamie Strandboge on 2007-10-09
Affects: tk8.4 (Ubuntu)
Importance: Undecided
Assigned to: Jamie Strandboge

Bug Description

Binary package hint: tk8.4

tk8.4 < 8.4.13 suffers from a buffer overrun. This is upstream Tk bug 1458234.

tk8.4 > 8.4.12 and < 8.4.16 suffers from a different buffer overrun, as introduced in the upstream patch for Tk bug 1458234. This is CVE-2007-5137.

Changed in tk8.4:
assignee: nobody → jamie-strandboge
status: New → In Progress
Jamie Strandboge (jdstrand) wrote :

tk8.4 (8.4.14-0ubuntu2.1) feisty-security; urgency=low

  * SECURITY UPDATE: buffer overflow and potential arbitrary code execution
    via crafted GIF image
  * fix for generic/tkImgGIF.c to properly handle files with smaller later
    frames
  * References
    CVE-2007-5137
    LP: #151008
  * Modify Maintainer value to match the DebianMaintainerField
    specification.

 -- Jamie Strandboge <email address hidden> Tue, 9 Oct 2007 13:19:32 -0400

Changed in tk8.4:
status: In Progress → Fix Released
Jamie Strandboge (jdstrand) wrote :

For Tk 8.4.12 and lower, this is CVE-2007-5378

Jamie Strandboge (jdstrand) wrote :

tk8.4 (8.4.15-1ubuntu1) gutsy; urgency=low

  * SECURITY UPDATE: buffer overflow and potential arbitrary code execution
    via crafted GIF image
  * fix for generic/tkImgGIF.c to properly handle files with smaller later
    frames
  * References
    CVE-2007-5137
    LP: #151008
  * Modify Maintainer value to match the DebianMaintainerField
    specification.

 -- Jamie Strandboge <email address hidden> Tue, 09 Oct 2007 17:21:10 +0000
