Your message dated Sun, 15 Jun 2008 16:32:02 +0000
with message-id <[EMAIL PROTECTED]>
and subject line Bug#485785: fixed in libtk-img 1:1.3-release-7
has caused the Debian Bug report #485785,
regarding libtk-img: CVE-2008-0553 buffer overflow in ReadImage() leading to arbitrary code execution via crafted GIF
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [EMAIL PROTECTED]
immediately.)


-- 
485785: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=485785
Debian Bug Tracking System
Contact [EMAIL PROTECTED] with problems
--- Begin Message ---
Package: libtk-img
Severity: grave
Tags: security patch

Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for libtk-img.

CVE-2008-0553[0]:
| Stack-based buffer overflow in the ReadImage function in tkImgGIF.c in
| Tk (Tcl/Tk) before 8.5.1 allows remote attackers to execute arbitrary
| code via a crafted GIF image, a similar issue to CVE-2006-4484.

This also affects gif/gif.c in libtk-img and is fixed in 
upstream commit:
http://tkimg.svn.sourceforge.net/viewvc/tkimg/trunk/gif/gif.c?r1=132&r2=135&view=patch&pathrev=135

If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0553
    http://security-tracker.debian.net/tracker/CVE-2008-0553

-- 
Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.



--- End Message ---
--- Begin Message ---
Source: libtk-img
Source-Version: 1:1.3-release-7

We believe that the bug you reported is fixed in the latest version of
libtk-img, which is due to be installed in the Debian FTP archive:

libtk-img-dev_1.3-release-7_i386.deb
  to pool/main/libt/libtk-img/libtk-img-dev_1.3-release-7_i386.deb
libtk-img-doc_1.3-release-7_all.deb
  to pool/main/libt/libtk-img/libtk-img-doc_1.3-release-7_all.deb
libtk-img_1.3-release-7.diff.gz
  to pool/main/libt/libtk-img/libtk-img_1.3-release-7.diff.gz
libtk-img_1.3-release-7.dsc
  to pool/main/libt/libtk-img/libtk-img_1.3-release-7.dsc
libtk-img_1.3-release-7_i386.deb
  to pool/main/libt/libtk-img/libtk-img_1.3-release-7_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Sergei Golovan <[EMAIL PROTECTED]> (supplier of updated libtk-img package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Sun, 15 Jun 2008 19:47:36 +0400
Source: libtk-img
Binary: libtk-img libtk-img-dev libtk-img-doc
Architecture: source all i386
Version: 1:1.3-release-7
Distribution: unstable
Urgency: high
Maintainer: Sergei Golovan <[EMAIL PROTECTED]>
Changed-By: Sergei Golovan <[EMAIL PROTECTED]>
Description: 
 libtk-img  - Extended image format support for Tcl/Tk (runtime)
 libtk-img-dev - Extended image format support for Tcl/Tk (development files)
 libtk-img-doc - Extended image format support for Tcl/Tk (manual pages)
Closes: 482710 485785
Changes: 
 libtk-img (1:1.3-release-7) unstable; urgency=high
 .
   * Fixed CVE-2008-0553 vulnerability (Stack-based buffer overflow in the
     ReadImage function in tkImgGIF.c allows remote attackers to execute
     arbitrary code via a crafted GIF image, a similar issue to CVE-2006-4484.)
     Thanks Nico Golde for the patch. Closes: #485785.
   * Set urgency to high as this upload fixes a security vulnerability.
   * Protected quilt invocation in debian/rules to make it possible to convert
     bwidget source package to 3.0 (quilt) format (closes: #482710).
   * Bumped standards version to 3.8.0.
Files: 
 11e571379a64af8433324d435ff6bf34 1179 libs optional libtk-img_1.3-release-7.dsc
 72b83f53330a3c234ad6403059560d41 30469 libs optional libtk-img_1.3-release-7.diff.gz
 5492eccd415fc26c4ad24437fdee7191 89068 doc optional libtk-img-doc_1.3-release-7_all.deb
 78d006d00c0aa7687bf01fc1c6c2490f 119812 libs optional libtk-img_1.3-release-7_i386.deb
 91a5f7eea9264d0ef2ed42e6d9308b9b 59644 libdevel optional libtk-img-dev_1.3-release-7_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFIVUIgIcdH02pGEFIRAobxAJoD8TxrBOOUV3NyGmfpidOnbKpnDwCePDxF
PWMFz5MKN9XxwYgdo04vanU=
=F339
-----END PGP SIGNATURE-----



--- End Message ---
