Ubuntu
tk8.3 package

tk8.3 buffer overrun

Bug #151007 reported by Jamie Strandboge on 2007-10-09

Affects		Status	Importance	Assigned to	Milestone
	tk8.3 (Ubuntu)	Fix Released	Undecided	Jamie Strandboge

Bug Description

Binary package hint: tk8.3

tk8.3 is vulnerable to a buffer overrun. This is upstream Tk bug 1458234

Related branches

lp:ubuntu/dapper-updates/tk8.3

lp:ubuntu/edgy-security/tk8.3

lp:ubuntu/feisty-security/tk8.3

CVE References

2007-5378

Jamie Strandboge (jdstrand) on 2007-10-09

Changed in tk8.3:
assignee:	nobody → jamie-strandboge
status:	New → In Progress

Revision history for this message

Jamie Strandboge (jdstrand) wrote on 2007-10-11:

tk8.3 (8.3.5-6ubuntu2.1) feisty-security; urgency=low

  * SECURITY UPDATE: buffer overflow and potential arbitrary code execution
    via crafted GIF image
  * fix for generic/tkImgGIF.c to properly allocate memory for files with
    different sized frames
  * References
    LP: #151007

-- Jamie Strandboge <email address hidden> Tue, 9 Oct 2007 13:43:30 -0400

Changed in tk8.3:
status:	In Progress → Fix Released

Revision history for this message

Jamie Strandboge (jdstrand) wrote on 2007-10-12:

This is CVE-2007-5378

Revision history for this message

Jamie Strandboge (jdstrand) wrote on 2007-10-12:

tk8.3 (8.3.5-6ubuntu3) gutsy; urgency=low

-- Jamie Strandboge <email address hidden> Tue, 09 Oct 2007 17:44:43 +0000

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.

Ubuntutk8.3 package

tk8.3 buffer overrun

Bug Description

Related branches

CVE References

Other bug subscribers

Remote bug watches

Ubuntu
tk8.3 package