CVE-2007-4851 Tk GIF processing buffer overflow

Marcela Mašláňová 2007-09-17 07:37:51 +00:00
parent fa9326a185
commit d78a576aec
2 changed files with 19 additions and 2 deletions

tk-gifoverflow.patch Normal file

@ -0,0 +1,11 @@
--- tk8.4.15/generic/tkImgGIF.c.old 2006-03-27 14:13:56.000000000 +0200
+++ tk8.4.15/generic/tkImgGIF.c 2007-09-17 09:28:42.000000000 +0200
@@ -995,7 +995,7 @@
*/
if (interlace) {
ypos += interlaceStep[pass];
- while (ypos >= height) {
+ while (ypos >= rows) {
pass++;
if (pass > 3) {
return TCL_OK;
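
Review bot: the new bound `while (ypos >= rows)` sits inside `if (interlace) {`, so only the interlaced row stepping is covered by this hunk. The non-interlaced branch is outside the visible context; please confirm it does not still compare `ypos` against `height`, and that every write indexed by `ypos` is limited by `rows`. The patch file also carries no header comment, so a short description naming CVE-2007-4851 and rhbz#290991 at the top of tk-gifoverflow.patch would make it self-explanatory.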

tk.spec

@ -3,7 +3,7 @@
Summary: The graphical toolkit for the Tcl scripting language
Name: tk
Version: %{majorver}.15
Release: 4%{?dist}
Release: 5%{?dist}
Epoch: 1
License: TCL
Group: Development/Languages
@ -18,6 +18,7 @@ BuildRequires: libX11-devel, gawk
# panedwindow.n from itcl conflicts
Conflicts: itcl <= 3.2
Patch1: tk-confi.patch
Patch2: tk-gifoverflow.patch
%description
When paired with the Tcl scripting language, Tk provides a fast and powerful
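
Review bot: the `Patch2: tk-gifoverflow.patch` line has no comment saying what it fixes, while the `Conflicts:` line just above it does carry one (`# panedwindow.n from itcl conflicts`). A one-line comment above `Patch2` naming CVE-2007-4851 and rhbz#290991 would keep the reason visible in the spec after the changelog entry scrolls out of view.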
@ -39,7 +40,8 @@ The package contains the development files and man pages for tk.
%prep
%setup -n %{name}%{version} -q
%patch1 -p1 -b .confi
%patch1 -p1 -b .confi
%patch2 -p1 -b .buffer
%build
cd unix
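
Review bot: the backup suffix in `%patch2 -p1 -b .buffer` does not follow the naming used for `%patch1 -p1 -b .confi`, where the suffix matches the patch file name tk-confi.patch. Using `-b .gifoverflow` would make the backup files traceable to tk-gifoverflow.patch. The `-p1` level itself is consistent with the `tk8.4.15/generic/tkImgGIF.c` paths in the patch and the `%setup -n %{name}%{version}` directory.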
@ -107,6 +109,10 @@ rm -rf %{buildroot}
%{_mandir}/man3/*
%changelog
* Mon Sep 17 2007 Marcela Maslanova <mmaslano@redhat.com> - 1:8.4.15-5
- CVE-2007-4851 Tk GIF processing buffer overflow
- Resolves: rhbz#290991
* Fri Aug 31 2007 Jeremy Katz <katzj@redhat.com> - 1:8.4.15-4
- BR gawk to unbreak things