Home | Docs | Forums | Lists | Bugs | Planet | Store | GMN | Get Gentoo!
Not eligible to see or edit group visibility for this bug.
View Bug Activity | Format For Printing | XML | Clone This Bug
CVE-2007-5378 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5378): Buffer overflow in the FileReadGIF function in tkImgGIF.c for Tk Toolkit 8.4.12 and earlier, and 8.3.5 and earlier, allows user-assisted attackers to cause a denial of service (segmentation fault) via an animated GIF in which the first subimage is smaller than a subsequent subimage, which triggers the overflow in the ReadImage function, a different vulnerability than CVE-2007-5137.
A version greater than 8.4.12 is already stable (for all archs but mips), but there may still be users running a vulnerable version. Tcltk, is it possible to remove 8.4.9 from the tree and to stabilise 8.4.16[-r1] on mips? Please advise.
I'm waiting to remove old versions in Bug #178320.
Having insecure versions besides the secure ones is not a security issue, and mips is not supported. Closing, feel free to reopen if you disagree.
