According to Red Hat: Reinhard Max discovered a buffer overflow flaw in the way Tk's GIF processor handles an interlaced GIF with two frames. It is possible to overflow a buffer if the second frame is smaller than the first. The fix can be found here: http://tktoolkit.cvs.sourceforge.net/tktoolkit/tk/generic/tkImgGIF.c?r1=1.36&r2=1.37
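A triage helper for the file shape described in the report above, as an added example that is not part of the bug thread or of Tk's code: it walks a GIF's block structure and flags files that have an interlaced frame and a later frame smaller than the first. The function names and the sample bytes are constructed for illustration, and treating any interlaced frame as sufficient is an assumption; a match means the file deserves review on hosts with an unpatched Tk, not that it triggers the flaw.

```python
import struct

def gif_frames(data: bytes):
    """Return (left, top, width, height, interlaced) for every image in a GIF."""
    if data[:6] not in (b"GIF87a", b"GIF89a"):
        raise ValueError("not a GIF")
    frames = []
    try:
        flags = data[10]
        pos = 13                               # header (6) + logical screen descriptor (7)
        if flags & 0x80:                       # global color table present
            pos += 3 * (2 << (flags & 0x07))
        while data[pos] != 0x3B:               # 0x3B = trailer
            block = data[pos]
            pos += 1
            if block == 0x21:                  # extension: skip its label byte
                pos += 1
            elif block == 0x2C:                # image descriptor
                left, top, w, h, f = struct.unpack_from("<HHHHB", data, pos)
                pos += 9
                if f & 0x80:                   # local color table present
                    pos += 3 * (2 << (f & 0x07))
                pos += 1                       # LZW minimum code size
                frames.append((left, top, w, h, bool(f & 0x40)))
            else:
                raise ValueError(f"unexpected block 0x{block:02x}")
            while data[pos]:                   # skip data sub-blocks
                pos += data[pos] + 1
            pos += 1                           # sub-block terminator
    except (IndexError, struct.error):
        raise ValueError("truncated GIF") from None
    return frames

def needs_review(data: bytes) -> bool:
    """Heuristic (assumption): any interlaced frame plus a later frame smaller than the first."""
    frames = gif_frames(data)
    if len(frames) < 2 or not any(f[4] for f in frames):
        return False
    w0, h0 = frames[0][2], frames[0][3]
    return any(w < w0 or h < h0 for _, _, w, h, _ in frames[1:])

def _sample(frames):
    """Constructed input: minimal GIF89a with the given (width, height, interlaced) frames."""
    out = b"GIF89a" + struct.pack("<HHBBB", 8, 8, 0, 0, 0)
    for w, h, il in frames:
        out += b"\x2c" + struct.pack("<HHHHB", 0, 0, w, h, 0x40 if il else 0)
        out += b"\x02" + b"\x02\x4c\x01" + b"\x00"   # code size, one sub-block, terminator
    return out + b"\x3b"
```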
Whiteboard and cc'ing maintainers. tcltk, please provide updated ebuilds with the patch applied.
dev-lang/tk-8.4.15-r1 dev-lang/tk-8.5_alpha6-r1 in cvs. =dev-lang/tk-8.5* is masked so please mark stable tk-8.4.15-r1
Thanks, Matsuu. Arches, please go for dev-lang/tk-8.4.15-r1. Targets are: "alpha amd64 arm hppa ia64 mips ppc ppc64 sh sparc x86"
Stable for HPPA.
x86 stable
amd64 stable
alpha/ia64 stable
ppc stable
dev-lang/tk-8.4.15-r1 USE="-debug -threads" 1. Emerges on SPARC. 2. No collisions. 3. No test phase. 4. Works - tested with the rdeps app-text/tkinfo, app-text/tkman, dev-tcltk/tkdiff, dev-tcltk/tkTheme, net-im/tkabber, and with the files inside the test/ directory.
ppc64 stable
Sparc stable.
Ready for glsa decision.
Generally speaking, buffer overflow means possible code exec. In this case it's user-assisted, so this is B2, unless I missed something. GLSA request filed.
GLSA 200710-07, sorry for the late
CVE-2007-4851 was rejected as a duplicate of CVE-2007-5137.