From d78a576aec8084dd0458db55e191434108455815 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Marcela=20Ma=C5=A1l=C3=A1=C5=88ov=C3=A1?=
Date: Mon, 17 Sep 2007 07:37:51 +0000
Subject: [PATCH] CVE-2007-4851 Tk GIF processing buffer overflow
---
 tk-gifoverflow.patch | 11 +++++++++++
 tk.spec | 10 ++++++++--
 2 files changed, 19 insertions(+), 2 deletions(-)
 create mode 100644 tk-gifoverflow.patch
diff --git a/tk-gifoverflow.patch b/tk-gifoverflow.patch
new file mode 100644
index 0000000..0a404aa
--- /dev/null
+++ b/tk-gifoverflow.patch
@@ -0,0 +1,11 @@
+--- tk8.4.15/generic/tkImgGIF.c.old 2006-03-27 14:13:56.000000000 +0200
++++ tk8.4.15/generic/tkImgGIF.c 2007-09-17 09:28:42.000000000 +0200
+@@ -995,7 +995,7 @@
+ */
+ if (interlace) {
+ ypos += interlaceStep[pass];
+- while (ypos >= height) {
++ while (ypos >= rows) {
+ pass++;
+ if (pass > 3) {
+ return TCL_OK;
diff --git a/tk.spec b/tk.spec
index 615789a..a51553a 100644
--- a/tk.spec
+++ b/tk.spec
@@ -3,7 +3,7 @@
 Summary: The graphical toolkit for the Tcl scripting language
 Name: tk
 Version: %{majorver}.15
-Release: 4%{?dist}
+Release: 5%{?dist}
 Epoch: 1
 License: TCL
 Group: Development/Languages
@@ -18,6 +18,7 @@ BuildRequires: libX11-devel, gawk
 # panedwindow.n from itcl conflicts
 Conflicts: itcl <= 3.2
 Patch1: tk-confi.patch
+Patch2: tk-gifoverflow.patch
 %description
 When paired with the Tcl scripting language, Tk provides a fast and powerful
@@ -39,7 +40,8 @@ The package contains the development files and man pages for tk.
 %prep
 %setup -n %{name}%{version} -q
-%patch1 -p1 -b .confi
+%patch1 -p1 -b .confi
+%patch2 -p1 -b .buffer
 %build
 cd unix
@@ -107,6 +109,10 @@ rm -rf %{buildroot}
 %{_mandir}/man3/*
 %changelog
+* Mon Sep 17 2007 Marcela Maslanova - 1:8.4.15-5
+- CVE-2007-4851 Tk GIF processing buffer overflow
+- Resolves: rhbz#290991
+
 * Fri Aug 31 2007 Jeremy Katz - 1:8.4.15-4
 - BR gawk to unbreak things
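Review bot: The one-token fix in the embedded tkImgGIF.c hunk, `while (ypos >= rows) {`, lands with no comment saying why the interlace wrap must test `rows` and not `height`, and tk-gifoverflow.patch has no header text either. I would add a comment above the loop, e.g. `/* Wrap on rows, the line count of the buffer being filled; height can be larger and would let ypos run past the buffer. */`. That reading of the two variables is inferred from the fix and should be confirmed against the function's parameters, since the enclosing function starts and ends outside the hunk. The hunk also does not show whether the non-interlaced branch bounds ypos against `rows`, which is worth checking before CVE-2007-4851 is treated as closed.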
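Review bot: `Patch2: tk-gifoverflow.patch` is added without a comment, so the spec itself does not record that this is a security fix or when it can be dropped; only the changelog entry does. Suggest a line above it such as `# CVE-2007-4851 (rhbz#290991): GIF interlace overflow; drop once the packaged Tk version contains the fix`. As a smaller style point, the backup suffix in `%patch2 -p1 -b .buffer` could be `.gifoverflow`, so that leftover backup files map back to the patch name.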