[Pkg-tcltk-commits] r488 - in tk8.4/trunk/debian: . patches

sgolovan-guest at alioth.debian.org sgolovan-guest at alioth.debian.org
Mon Feb 4 20:32:49 UTC 2008


Author: sgolovan-guest
Date: 2008-02-04 20:32:49 +0000 (Mon, 04 Feb 2008)
New Revision: 488

Added:
   tk8.4/trunk/debian/patches/CVE-2006-4484.diff
Modified:
   tk8.4/trunk/debian/changelog
   tk8.4/trunk/debian/patches/series
Log:
[tk8.4]
  * Applied patch by upstream to fix security vulnerability CVE-2006-4484
    overflow triggered by crafted GIF file.


Modified: tk8.4/trunk/debian/changelog
===================================================================
--- tk8.4/trunk/debian/changelog	2008-02-04 20:27:16 UTC (rev 487)
+++ tk8.4/trunk/debian/changelog	2008-02-04 20:32:49 UTC (rev 488)
@@ -1,8 +1,9 @@
-tk8.4 (8.4.17-2) UNRELEASED; urgency=low
+tk8.4 (8.4.17-2) unstable; urgency=high
 
-  * NOT RELEASED YET
+  * Applied patch by upstream to fix security vulnerability CVE-2006-4484
+    overflow triggered by crafted GIF file.
 
- -- Sergei Golovan <sgolovan at debian.org>  Thu,  3 Jan 2008 03:28:57 +0300
+ -- Sergei Golovan <sgolovan at debian.org>  Mon, 04 Feb 2008 23:22:14 +0300
 
 tk8.4 (8.4.17-1) unstable; urgency=low
 

Added: tk8.4/trunk/debian/patches/CVE-2006-4484.diff
===================================================================
--- tk8.4/trunk/debian/patches/CVE-2006-4484.diff	                        (rev 0)
+++ tk8.4/trunk/debian/patches/CVE-2006-4484.diff	2008-02-04 20:32:49 UTC (rev 488)
@@ -0,0 +1,22 @@
+Patch by upstream fixes vulnerability similar to
+CVE-2006-4484 an unknown impact via a GIF file with input_code_size greater
+than MAX_LWZ_BITS, which triggers an overflow when initializing the table
+array.
+
+Index: tk8.4-8.4.17/generic/tkImgGIF.c
+===================================================================
+--- tk8.4-8.4.17.orig/generic/tkImgGIF.c
++++ tk8.4-8.4.17/generic/tkImgGIF.c
+@@ -826,6 +826,12 @@
+ 		Tcl_PosixError(interp), (char *) NULL);
+ 	return TCL_ERROR;
+     }
++
++    if (initialCodeSize > MAX_LWZ_BITS) {
++	Tcl_SetResult(interp, "malformed image", TCL_STATIC);
++	return TCL_ERROR;
++    }
++
+     if (transparent != -1) {
+ 	cmap[transparent][CM_RED] = 0;
+ 	cmap[transparent][CM_GREEN] = 0;

Modified: tk8.4/trunk/debian/patches/series
===================================================================
--- tk8.4/trunk/debian/patches/series	2008-02-04 20:27:16 UTC (rev 487)
+++ tk8.4/trunk/debian/patches/series	2008-02-04 20:32:49 UTC (rev 488)
@@ -1,3 +1,4 @@
+CVE-2006-4484.diff
 scalable-fonts.diff
 tklibrary.diff
 tkinc.diff




More information about the Pkg-tcltk-commits mailing list