Package: libtk-img Severity: grave Tags: security patch Hi, the following CVE (Common Vulnerabilities & Exposures) id was published for libtk-img.
CVE-2008-0553[0]: | Stack-based buffer overflow in the ReadImage function in tkImgGIF.c in | Tk (Tcl/Tk) before 8.5.1 allows remote attackers to execute arbitrary | code via a crafted GIF image, a similar issue to CVE-2006-4484. This also affects gif/gif.c in libtk-img and is fixed in upstream commit: http://tkimg.svn.sourceforge.net/viewvc/tkimg/trunk/gif/gif.c?r1=132&r2=135&view=patch&pathrev=135 If you fix the vulnerability please also make sure to include the CVE id in your changelog entry. For further information see: [0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0553 http://security-tracker.debian.net/tracker/CVE-2008-0553 -- Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF For security reasons, all text in this mail is double-rot13 encrypted.
pgpDps87ZknFJ.pgp
Description: PGP signature
