[Pkg-tcltk-commits] r487 - in tk8.3/trunk/debian: . patches
sgolovan-guest at alioth.debian.org
Mon Feb 4 20:27:17 UTC 2008
Author: sgolovan-guest
Date: 2008-02-04 20:27:16 +0000 (Mon, 04 Feb 2008)
New Revision: 487
Added:
tk8.3/trunk/debian/patches/CVE-2006-4484.diff
Modified:
tk8.3/trunk/debian/changelog
tk8.3/trunk/debian/patches/series
tk8.3/trunk/debian/tk8.3.dirs
Log:
[tk8.3]
* Applied patch by upstream to fix security vulnerability CVE-2006-4484:
overflow triggered by a crafted GIF file.
Modified: tk8.3/trunk/debian/changelog
===================================================================
--- tk8.3/trunk/debian/changelog 2008-02-03 18:28:10 UTC (rev 486)
+++ tk8.3/trunk/debian/changelog 2008-02-04 20:27:16 UTC (rev 487)
@@ -1,8 +1,10 @@
-tk8.3 (8.3.5-12) UNRELEASED; urgency=low
+tk8.3 (8.3.5-12) unstable; urgency=high
- * NOT RELEASED YET
+ * Applied patch by upstream to fix security vulnerability CVE-2006-4484
+ overflow triggered by crafted GIF file.
+ * Removed empty directory /usr/share/tk8.3 from the binary package.
- -- Sergei Golovan <sgolovan at debian.org> Fri, 19 Oct 2007 16:52:53 +0400
+ -- Sergei Golovan <sgolovan at debian.org> Mon, 04 Feb 2008 22:57:26 +0300
tk8.3 (8.3.5-11) unstable; urgency=low
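Review bot: the new changelog entry states the patch fixes "security vulnerability CVE-2006-4484", but the header of the patch being added describes it as fixing a vulnerability "similar to" CVE-2006-4484; the two descriptions should agree, so either qualify the changelog line the same way or drop the qualification from the patch header. The entry is also missing punctuation between the CVE identifier and its description; something like "+ * Applied upstream patch for CVE-2006-4484: overflow triggered by a crafted GIF file." reads cleanly. Raising urgency to high for a security upload is appropriate.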
Added: tk8.3/trunk/debian/patches/CVE-2006-4484.diff
===================================================================
--- tk8.3/trunk/debian/patches/CVE-2006-4484.diff (rev 0)
+++ tk8.3/trunk/debian/patches/CVE-2006-4484.diff 2008-02-04 20:27:16 UTC (rev 487)
@@ -0,0 +1,22 @@
+Patch by upstream fixes vulnerability similar to
+CVE-2006-4484 an unknown impact via a GIF file with input_code_size greater
+than MAX_LWZ_BITS, which triggers an overflow when initializing the table
+array.
+
+Index: tk8.3-8.3.5/generic/tkImgGIF.c
+===================================================================
+--- tk8.3-8.3.5.orig/generic/tkImgGIF.c 2002-03-26 05:29:01.000000000 +0300
++++ tk8.3-8.3.5/generic/tkImgGIF.c 2007-10-18 20:23:40.000000000 +0400
+@@ -808,6 +808,12 @@
+ Tcl_PosixError(interp), (char *) NULL);
+ return TCL_ERROR;
+ }
++
++ if (initialCodeSize > MAX_LWZ_BITS) {
++ Tcl_SetResult(interp, "malformed image", TCL_STATIC);
++ return TCL_ERROR;
++ }
++
+ if (transparent!=-1) {
+ cmap[transparent][CM_RED] = 0;
+ cmap[transparent][CM_GREEN] = 0;
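Review bot: the added bounds check rejects `initialCodeSize > MAX_LWZ_BITS`, but the hunk only shows that it sits after the `Tcl_PosixError` return block and before the transparent-colour handling; since the header says the overflow happens when the table array is initialised from `input_code_size`, confirm that no use of `initialCodeSize` for table sizing or indexing occurs above line 808, otherwise the check lands too late to prevent the out-of-bounds write. The header text is also garbled ("fixes vulnerability similar to CVE-2006-4484 an unknown impact via a GIF file"); suggest "+Patch by upstream fixes a vulnerability similar to CVE-2006-4484: unknown impact via a GIF file with input_code_size greater than MAX_LWZ_BITS, which triggers an overflow when initializing the table array." Returning TCL_ERROR with a "malformed image" result is the right failure mode, as it makes the decoder reject the file instead of continuing with an unsafe code size.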
Modified: tk8.3/trunk/debian/patches/series
===================================================================
--- tk8.3/trunk/debian/patches/series 2008-02-03 18:28:10 UTC (rev 486)
+++ tk8.3/trunk/debian/patches/series 2008-02-04 20:27:16 UTC (rev 487)
@@ -1,5 +1,6 @@
CVE-2007-5137.diff
CVE-2007-5378.diff
+CVE-2006-4484.diff
fonts.diff
scalable-fonts.diff
canvpoly.diff
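Review bot: the new patch is appended after the two existing CVE patches and ahead of the functional patches, which keeps the security fixes grouped; since it modifies generic/tkImgGIF.c, make sure the whole series still applies in this order without fuzz (quilt push -a) before upload, and consider whether a file named CVE-2006-4484.diff is the right label for a patch whose own header only claims to fix an issue "similar to" that CVE.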
Modified: tk8.3/trunk/debian/tk8.3.dirs
===================================================================
--- tk8.3/trunk/debian/tk8.3.dirs 2008-02-03 18:28:10 UTC (rev 486)
+++ tk8.3/trunk/debian/tk8.3.dirs 2008-02-04 20:27:16 UTC (rev 487)
@@ -1 +1 @@
-usr/share/tk8.3
+usr/share
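Review bot: replacing usr/share/tk8.3 with usr/share leaves a .dirs entry that does nothing useful, since usr/share is a standard directory that the package already gets from the files installed under it; if the only purpose of this change is to drop the empty /usr/share/tk8.3 directory described in the changelog, it is cleaner to remove the tk8.3.dirs file entirely (or leave it empty) rather than keep a redundant entry. Also double-check that nothing in the upstream install step still expects /usr/share/tk8.3 to exist, since the changelog only says the directory was empty in the binary package.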