Your message dated Sat, 13 Oct 2007 13:17:03 +0000
with message-id <[EMAIL PROTECTED]>
and subject line Bug#446465: fixed in tk8.3 8.3.5-10
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--- Begin Message ---
Package: tk8.3
Severity: grave
Tags: security
Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for tk8.3.
CVE-2007-5378[0]:
| Buffer overflow in the FileReadGIF function in tkImgGIF.c for Tk
| Toolkit 8.4.12 and earlier, and 8.3.5 and earlier, allows
| user-assisted attackers to cause a denial of service (segmentation
| fault) via an animated GIF in which the first subimage is smaller than
| a subsequent subimage, which triggers the overflow in the ReadImage
| function, a different vulnerability than CVE-2007-5137.
If you fix this vulnerability please also include the CVE id
in your changelog entry.
This bug is fixed in the 8.4 package in unstable and testing
but not in etch.
For further information:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5378
Kind regards
Nico
--
Nico Golde - http://ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
--- End Message ---
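As an added illustration, not from the bug report or from the Tk patch: a C routine that walks a GIF stream's image descriptors and rejects any sub-image whose extent exceeds the logical screen declared in the header, the kind of bounds check that keeps a later, larger frame from overrunning a buffer sized for an earlier one. The GIF byte strings below are constructed for this example and are not real files.

```c
#include <stddef.h>
#include <stdint.h>
static unsigned rd16(const unsigned char *p) { return p[0] | (p[1] << 8); } /* GIF is little-endian */
/* Skip data sub-blocks (length byte, data, ..., 0 terminator); returns 0 if the stream ends early. */
static size_t skip_subblocks(const unsigned char *b, size_t len, size_t off) {
    while (off < len) {
        unsigned n = b[off++];
        if (n == 0) return off;
        if (off + n > len) return 0;
        off += n;
    }
    return 0;
}
/* Check each image descriptor against the logical screen in the header. Returns the frame
 * count if all fit, -1 if a frame overruns the canvas (the CVE-2007-5378 pattern), -2 if malformed. */
int gif_frames_fit(const unsigned char *b, size_t len) {
    if (len < 13 || b[0] != 'G' || b[1] != 'I' || b[2] != 'F') return -2;
    uint32_t sw = rd16(b + 6), sh = rd16(b + 8);           /* logical screen width/height */
    size_t off = 13;
    if (b[10] & 0x80) off += 3u << ((b[10] & 7) + 1);      /* global color table */
    int frames = 0;
    while (off < len) {
        unsigned char tag = b[off++];
        if (tag == 0x3B) return frames;                    /* trailer: clean end */
        if (tag == 0x2C) {                                 /* image descriptor */
            if (off + 9 > len) return -2;
            uint32_t left = rd16(b + off), top = rd16(b + off + 2);
            uint32_t w = rd16(b + off + 4), h = rd16(b + off + 6);
            unsigned char packed = b[off + 8];
            off += 9;
            if (left + w > sw || top + h > sh) return -1;  /* sub-image larger than the canvas */
            if (packed & 0x80) off += 3u << ((packed & 7) + 1); /* local color table */
            frames++;
        } else if (tag != 0x21) return -2;                 /* neither image nor extension */
        /* Both block types continue with one byte (LZW code size or extension label) + sub-blocks. */
        off = off < len ? skip_subblocks(b, len, off + 1) : 0;
        if (!off) return -2;
    }
    return -2;                                             /* stream ended without a trailer */
}
/* Constructed sample streams (not real files): a 2x2 canvas with a 1x1 then a 2x2 frame,
 * and a 1x1 canvas whose second frame is 2x2, the shape of input described in the CVE. */
static const unsigned char GOOD_GIF[] = { 'G','I','F','8','9','a', 2,0, 2,0, 0,0,0,
    0x2C, 0,0, 0,0, 1,0, 1,0, 0, 2, 1,0, 0,
    0x2C, 0,0, 0,0, 2,0, 2,0, 0, 2, 1,0, 0, 0x3B };
static const unsigned char BAD_GIF[] = { 'G','I','F','8','9','a', 1,0, 1,0, 0,0,0,
    0x2C, 0,0, 0,0, 1,0, 1,0, 0, 2, 1,0, 0,
    0x2C, 0,0, 0,0, 2,0, 2,0, 0, 2, 1,0, 0, 0x3B };
int check_good(void) { return gif_frames_fit(GOOD_GIF, sizeof GOOD_GIF); } /* 2 */
int check_bad(void)  { return gif_frames_fit(BAD_GIF, sizeof BAD_GIF); }   /* -1 */
```

A decoder that allocates per-frame buffers from the first descriptor, as the CVE text describes, should additionally compare each later frame against that allocation; the canvas check above is the stricter of the two.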
--- Begin Message ---
Source: tk8.3
Source-Version: 8.3.5-10
We believe that the bug you reported is fixed in the latest version of
tk8.3, which is due to be installed in the Debian FTP archive:
tk8.3-dev_8.3.5-10_i386.deb
to pool/main/t/tk8.3/tk8.3-dev_8.3.5-10_i386.deb
tk8.3-doc_8.3.5-10_all.deb
to pool/main/t/tk8.3/tk8.3-doc_8.3.5-10_all.deb
tk8.3_8.3.5-10.diff.gz
to pool/main/t/tk8.3/tk8.3_8.3.5-10.diff.gz
tk8.3_8.3.5-10.dsc
to pool/main/t/tk8.3/tk8.3_8.3.5-10.dsc
tk8.3_8.3.5-10_i386.deb
to pool/main/t/tk8.3/tk8.3_8.3.5-10_i386.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Sergei Golovan <[EMAIL PROTECTED]> (supplier of updated tk8.3 package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])
Format: 1.7
Date: Sat, 13 Oct 2007 16:38:49 +0400
Source: tk8.3
Binary: tk8.3-doc tk8.3-dev tk8.3
Architecture: source i386 all
Version: 8.3.5-10
Distribution: unstable
Urgency: high
Maintainer: Tcl/Tk Debian Packagers <[EMAIL PROTECTED]>
Changed-By: Sergei Golovan <[EMAIL PROTECTED]>
Description:
tk8.3 - Tk toolkit for Tcl and X11, v8.3 - run-time files
tk8.3-dev - Tk toolkit for Tcl and X11, v8.3 - development files
tk8.3-doc - Tk toolkit for Tcl and X11, v8.3 - manual pages
Closes: 446465
Changes:
tk8.3 (8.3.5-10) unstable; urgency=high
.
* Applied patch by Nico Golde which fixes security vulnerability
CVE-2007-5378 overflow triggered by crafted GIF file (closes: #446465).
Files:
5b06792280f7bf00f8dd9f268cb8b098 809 libs optional tk8.3_8.3.5-10.dsc
0f02d31ba5001d4d5b4373bc90b9465c 31880 libs optional tk8.3_8.3.5-10.diff.gz
b77070c5ecd61ff0289cf626a738b85a 659370 doc optional tk8.3-doc_8.3.5-10_all.deb
9f7251beec54de2b00542180dbb2d61a 813618 libs optional tk8.3_8.3.5-10_i386.deb
d72f7f2027035877d9ef982ee7439bfb 663082 devel optional tk8.3-dev_8.3.5-10_i386.deb
--- End Message ---