[Pkg-tcltk-devel] Bug#505363: tk8.4: CVE-2008-0533 buffer overrun flaw

Michael Gilbert michael.s.gilbert at gmail.com
Tue Nov 11 21:18:19 UTC 2008


Package: tk8.4
Version: 8.4.19-2
Severity: important

Ubuntu has just released "fixes" for a buffer overrun flaw in tk [1].
They describe the problem as:

 It was discovered that Tk could be made to overrun a buffer when loading
 certain images. If a user were tricked into opening a specially crafted
 GIF image, remote attackers could cause a denial of service or execute
 arbitrary code with user privileges.

I am setting the severity to important (rather than grave) since the
Debian security tracker [2] already says that the problem is
"not-for-us," so it may not affect Debian at all.  Maybe Ubuntu has
once again overreacted by "fixing" a problem that isn't really a
problem?

[1] http://www.ubuntu.com/usn/USN-664-1
[2] http://security-tracker.debian.net/tracker/CVE-2008-0533
