CVE-2007-4851 Tk GIF processing buffer overflow

tk-gifoverflow.patch

@@ -0,0 +1,11 @@
+--- tk8.4.15/generic/tkImgGIF.c.old	2006-03-27 14:13:56.000000000 +0200
++++ tk8.4.15/generic/tkImgGIF.c	2007-09-17 09:28:42.000000000 +0200
+@@ -995,7 +995,7 @@
+ 	 */
+ 	if (interlace) {
+ 	    ypos += interlaceStep[pass];
+-	    while (ypos >= height) {
++	    while (ypos >= rows) {
+ 		pass++;
+ 		if (pass > 3) {
+ 		    return TCL_OK;

tk.spec

@@ -3,7 +3,7 @@
 Summary: The graphical toolkit for the Tcl scripting language
 Name: tk
 Version: %{majorver}.15
-Release: 4%{?dist}
+Release: 5%{?dist}
 Epoch:   1
 License: TCL
 Group: Development/Languages
@@ -18,6 +18,7 @@ BuildRequires: libX11-devel, gawk
 # panedwindow.n from itcl conflicts
 Conflicts: itcl <= 3.2
 Patch1: tk-confi.patch
+Patch2: tk-gifoverflow.patch
 
 %description
 When paired with the Tcl scripting language, Tk provides a fast and powerful
@@ -40,6 +41,7 @@ The package contains the development files and man pages for tk.
 %setup -n %{name}%{version} -q
 
 %patch1 -p1 -b .confi
+%patch2 -p1 -b .buffer
 
 %build
 cd unix
@@ -107,6 +109,10 @@ rm -rf %{buildroot}
 %{_mandir}/man3/*
 
 %changelog
+* Mon Sep 17 2007 Marcela Maslanova <mmaslano@redhat.com> - 1:8.4.15-5
+- CVE-2007-4851 Tk GIF processing buffer overflow
+- Resolves: rhbz#290991
+
 * Fri Aug 31 2007 Jeremy Katz <katzj@redhat.com> - 1:8.4.15-4
 - BR gawk to unbreak things