[Pkg-tcltk-commits] r493 - in tk8.5/trunk/debian: . patches
sgolovan-guest at alioth.debian.org
Mon Feb 4 20:37:04 UTC 2008
Author: sgolovan-guest
Date: 2008-02-04 20:37:04 +0000 (Mon, 04 Feb 2008)
New Revision: 493
Added:
tk8.5/trunk/debian/patches/CVE-2006-4484.diff
Modified:
tk8.5/trunk/debian/changelog
tk8.5/trunk/debian/patches/series
Log:
[tk8.5]
* Applied patch by upstream to fix security vulnerability CVE-2006-4484
overflow triggered by crafted GIF file.
Modified: tk8.5/trunk/debian/changelog
===================================================================
--- tk8.5/trunk/debian/changelog 2008-02-04 20:33:57 UTC (rev 492)
+++ tk8.5/trunk/debian/changelog 2008-02-04 20:37:04 UTC (rev 493)
@@ -1,8 +1,9 @@
-tk8.5 (8.5.0-3) UNRELEASED; urgency=low
+tk8.5 (8.5.0-3) unstable; urgency=high
- * NOT RELEASED YET
+ * Applied patch by upstream to fix security vulnerability CVE-2006-4484
+ overflow triggered by crafted GIF file.
- -- Sergei Golovan <sgolovan at debian.org> Thu, 3 Jan 2008 23:26:45 +0300
+ -- Sergei Golovan <sgolovan at debian.org> Mon, 04 Feb 2008 23:28:55 +0300
tk8.5 (8.5.0-2) unstable; urgency=low
Added: tk8.5/trunk/debian/patches/CVE-2006-4484.diff
===================================================================
--- tk8.5/trunk/debian/patches/CVE-2006-4484.diff (rev 0)
+++ tk8.5/trunk/debian/patches/CVE-2006-4484.diff 2008-02-04 20:37:04 UTC (rev 493)
@@ -0,0 +1,22 @@
+Patch by upstream fixes vulnerability similar to
+CVE-2006-4484 an unknown impact via a GIF file with input_code_size greater
+than MAX_LWZ_BITS, which triggers an overflow when initializing the table
+array.
+
+Index: tk8.5-8.5.0/generic/tkImgGIF.c
+===================================================================
+--- tk8.4-8.5.0.orig/generic/tkImgGIF.c
++++ tk8.4-8.5.0/generic/tkImgGIF.c
+@@ -826,6 +826,12 @@
+ Tcl_PosixError(interp), (char *) NULL);
+ return TCL_ERROR;
+ }
++
++ if (initialCodeSize > MAX_LWZ_BITS) {
++ Tcl_SetResult(interp, "malformed image", TCL_STATIC);
++ return TCL_ERROR;
++ }
++
+ if (transparent != -1) {
+ cmap[transparent][CM_RED] = 0;
+ cmap[transparent][CM_GREEN] = 0;
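Review bot: The embedded patch's file headers name "tk8.4-8.5.0.orig/generic/tkImgGIF.c" and "tk8.4-8.5.0/generic/tkImgGIF.c", but the Index: line says tk8.5-8.5.0 and this is the tk8.5 package; the patch still applies when the first path component is stripped, but the headers should say tk8.5 to avoid confusion with the tk8.4 source. On the check itself, "if (initialCodeSize > MAX_LWZ_BITS)" returns TCL_ERROR directly: the visible context does not show whether anything acquired earlier in the function needs releasing on this path, or whether initialCodeSize is used anywhere before this point, so both are worth confirming against the full file. The description would also read more clearly with a sentence break after "CVE-2006-4484", and the "malformed image" message could say that the GIF code size is out of range so the rejection is easier to diagnose.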
Modified: tk8.5/trunk/debian/patches/series
===================================================================
--- tk8.5/trunk/debian/patches/series 2008-02-04 20:33:57 UTC (rev 492)
+++ tk8.5/trunk/debian/patches/series 2008-02-04 20:37:04 UTC (rev 493)
@@ -1,3 +1,4 @@
+CVE-2006-4484.diff
tklibrary.diff
tkprivate.diff
confsearch.diff
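Review bot: CVE-2006-4484.diff is inserted as the first entry in the series, so it is applied before tklibrary.diff, tkprivate.diff and confsearch.diff. If that ordering is deliberate (keeping the upstream security fix independent of the Debian-local patches), please say so in the changelog or commit message; otherwise confirm that none of the later patches touch generic/tkImgGIF.c, since any that do would now need refreshing against the patched file.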