Bug#: 192539
Status: RESOLVED
Resolution: FIXED
Assigned To: Gentoo Security <security@gentoo.org>
Reporter: Robert Buchholz <rbu@gentoo.org>

Description:   Opened: 2007-09-14 19:26 0000
According to RedHat:
  Reinhard Max discovered a buffer overflow flaw in the way Tk's GIF
  processor handles an interlaced GIF with two frames.  It is possible
  to overflow a buffer if the second frame is smaller than the first.
  The fix can be found here:
http://tktoolkit.cvs.sourceforge.net/tktoolkit/tk/generic/tkImgGIF.c?r1=1.36&r2=1.37
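
A triage check for the file shape described above, added here as an example (it is not code from Tk, Red Hat or Gentoo, and it does not reproduce the upstream fix): it walks a GIF's block structure and reports interlaced frames that are smaller than an earlier frame. The function names and the sample bytes are constructed for illustration; the sample carries only placeholder image data.

```python
import struct

def _skip_sub_blocks(data, pos):
    # Data sub-blocks: <len><len bytes>..., ended by a zero-length block.
    while True:
        if pos >= len(data):
            raise ValueError("truncated GIF")
        size = data[pos]
        pos += 1 + size
        if size == 0:
            return pos

def gif_frames(data):
    """Return (width, height, interlaced) for every image descriptor."""
    if data[:6] not in (b"GIF87a", b"GIF89a") or len(data) < 13:
        raise ValueError("not a GIF")
    pos = 13                                  # header + logical screen descriptor
    if data[10] & 0x80:                       # global color table present
        pos += 3 * (2 << (data[10] & 0x07))
    frames = []
    while pos < len(data) and data[pos] != 0x3B:    # 0x3B = trailer
        block, pos = data[pos], pos + 1
        if block == 0x21:                     # extension: label byte + sub-blocks
            pos = _skip_sub_blocks(data, pos + 1)
        elif block == 0x2C:                   # image descriptor
            _, _, w, h, flags = struct.unpack_from("<HHHHB", data, pos)
            pos += 9
            if flags & 0x80:                  # local color table present
                pos += 3 * (2 << (flags & 0x07))
            pos = _skip_sub_blocks(data, pos + 1)   # +1 skips LZW code size
            frames.append((w, h, bool(flags & 0x40)))  # bit 6 = interlace flag
        else:
            raise ValueError("unexpected block 0x%02x" % block)
    return frames

def shrinking_interlaced_frames(data):
    """Indexes of interlaced frames smaller than an earlier frame."""
    hits, max_w, max_h = [], 0, 0
    for i, (w, h, interlaced) in enumerate(gif_frames(data)):
        if interlaced and (w < max_w or h < max_h):
            hits.append(i)
        max_w, max_h = max(max_w, w), max(max_h, h)
    return hits

# Constructed sample: an 8x8 interlaced frame followed by a 4x4 interlaced one.
def _frame(w, h, interlaced):
    desc = struct.pack("<HHHHB", 0, 0, w, h, 0x40 if interlaced else 0)
    return b"\x2c" + desc + b"\x02\x02\x4c\x01\x00"   # placeholder image data
HEADER = b"GIF89a" + struct.pack("<HHBBB", 8, 8, 0, 0, 0)
SAMPLE = HEADER + _frame(8, 8, True) + _frame(4, 4, True) + b";"
```

A hit only means the file has the layout the advisory describes; it is a reason to decode it with a patched Tk, not proof of malice.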

------- Comment #1 From Robert Buchholz 2007-09-14 19:33:32 0000 -------
Whiteboard and cc'ing maintainers.

tcltk, please provide updated ebuilds with the patch applied.

------- Comment #2 From MATSUU Takuto 2007-09-16 02:29:07 0000 -------
dev-lang/tk-8.4.15-r1
dev-lang/tk-8.5_alpha6-r1
in cvs.
=dev-lang/tk-8.5* is masked so please mark stable tk-8.4.15-r1

------- Comment #3 From Robert Buchholz 2007-09-16 04:11:26 0000 -------
Thanks, Matsuu. Arches, please go for dev-lang/tk-8.4.15-r1.
Targets are: "alpha amd64 arm hppa ia64 mips ppc ppc64 sh sparc x86"

------- Comment #4 From Jeroen Roovers 2007-09-16 07:29:26 0000 -------
Stable for HPPA.

------- Comment #5 From Markus Meier 2007-09-16 10:13:55 0000 -------
x86 stable

------- Comment #6 From Christoph Mende 2007-09-16 14:57:22 0000 -------
amd64 stable

------- Comment #7 From Raúl Porcel 2007-09-17 10:07:01 0000 -------
alpha/ia64 stable

------- Comment #8 From Tobias Scherbaum 2007-09-17 17:38:48 0000 -------
ppc stable

------- Comment #9 From Tiago Cunha 2007-09-19 04:11:08 0000 -------
dev-lang/tk-8.4.15-r1  USE="-debug -threads"

1. Emerges on SPARC.
2. No collisions.
3. No test phase.
4. Works - tested with the rdeps app-text/tkinfo, app-text/tkman,
dev-tcltk/tkdiff, dev-tcltk/tkTheme, net-im/tkabber, and with the files inside
the test/ directory.

Portage 2.1.3.9 (default-linux/sparc/sparc64/2007.0, gcc-4.1.2, glibc-2.5-r4,
2.6.22-gentoo-r5 sparc64)
=================================================================
System uname: 2.6.22-gentoo-r5 sparc64 sun4u
Timestamp of tree: Tue, 18 Sep 2007 20:50:01 +0000
ccache version 2.4 [enabled]
app-shells/bash:     3.2_p17
dev-lang/python:     2.4.4-r4
dev-python/pycrypto: 2.0.1-r6
dev-util/ccache:     2.4-r7
sys-apps/baselayout: 1.12.9-r2
sys-apps/sandbox:    1.2.17
sys-devel/autoconf:  2.13, 2.61-r1
sys-devel/automake:  1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2, 1.10
sys-devel/binutils:  2.17
sys-devel/gcc-config: 1.3.16
sys-devel/libtool:   1.5.24
virtual/os-headers:  2.6.21
ACCEPT_KEYWORDS="sparc"
CBUILD="sparc-unknown-linux-gnu"
CFLAGS="-O2 -mcpu=ultrasparc -pipe"
CHOST="sparc-unknown-linux-gnu"
CONFIG_PROTECT="/etc /usr/kde/3.5/env /usr/kde/3.5/share/config
/usr/kde/3.5/shutdown /usr/share/X11/xkb /usr/share/config"
CONFIG_PROTECT_MASK="/etc/env.d /etc/fonts/fonts.conf /etc/gconf /etc/init.d
/etc/pam.d /etc/revdep-rebuild /etc/terminfo /etc/udev/rules.d"
CXXFLAGS="-O2 -mcpu=ultrasparc -pipe"
DISTDIR="/usr/portage/distfiles"
EMERGE_DEFAULT_OPTS="-k"
FEATURES="ccache collision-protect distlocks metadata-transfer parallel-fetch
sandbox sfperms strict test unmerge-orphans userfetch userpriv usersandbox"
GENTOO_MIRRORS="ftp://mirrors1.netvisao.pt/gentoo
http://darkstar.ist.utl.pt/pub/gentoo http://distfiles.gentoo.org
http://www.ibiblio.org/pub/Linux/distributions/gentoo"
MAKEOPTS="-j3"
PKGDIR="/usr/portage/packages"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress
--force --whole-file --delete --delete-after --stats --timeout=180
--exclude=/distfiles --exclude=/local --exclude=/packages
--filter=H_**/files/digest-*"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
SYNC="rsync://rsync.europe.gentoo.org/gentoo-portage"
USE="X acl bash-completion bitmap-fonts branding bzip2 cli cracklib crypt dri
fortran gdbm gif gnome gtk hal iconv ipv6 isdnlog jpeg midi mudflap ncurses
nptl nptlonly offensive opengl openmp pam pcre perl png postgres ppds pppd
python readline reflection session sparc spl ssl svg tcpd test tiff truetype
truetype-fonts type1-fonts xml xorg xv zlib" ALSA_PCM_PLUGINS="adpcm alaw asym
copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat
linear meter mulaw multi null plug rate route share shm softvol" ELIBC="glibc"
INPUT_DEVICES="keyboard mouse" KERNEL="linux" LCD_DEVICES="bayrad cfontz
cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" USERLAND="GNU"
VIDEO_CARDS="sunffb"
Unset:  CTARGET, INSTALL_MASK, LANG, LC_ALL, LDFLAGS, LINGUAS,
PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS,
PORTDIR_OVERLAY

------- Comment #10 From Brent Baude 2007-09-20 21:04:39 0000 -------
ppc64 stable

------- Comment #11 From Ferris McCormick 2007-09-23 01:21:23 0000 -------
Sparc stable.

------- Comment #12 From Robert Buchholz 2007-09-23 08:43:36 0000 -------
Ready for glsa decision.

------- Comment #13 From Pierre-Yves Rofes 2007-09-25 09:50:21 0000 -------
Generally speaking, buffer overflow means possible code exec. In this case it's
user-assisted, so this is B2, unless I missed something.
GLSA request filed.

------- Comment #14 From Raphael Marichez 2007-10-07 22:20:19 0000 -------
GLSA 200710-07, sorry for the late

------- Comment #15 From Robert Buchholz 2007-10-20 23:44:21 0000 -------
CVE-2007-4851 was rejected as a duplicate of CVE-2007-5137.
