rpms/tk/F-7 tk-gifoverflow.patch,NONE,1.1 tk.spec,1.39,1.40

Marcela Mašláňová (mmaslano) fedora-extras-commits at redhat.com
Mon Oct 15 14:31:40 UTC 2007


Author: mmaslano

Update of /cvs/pkgs/rpms/tk/F-7
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv23651

Modified Files:
	tk.spec 
Added Files:
	tk-gifoverflow.patch 
Log Message:
CVE-2007-5137 gif buffer overflow.


tk-gifoverflow.patch:

--- NEW FILE tk-gifoverflow.patch ---
--- tk8.4.15/generic/tkImgGIF.c.old	2006-03-27 14:13:56.000000000 +0200
+++ tk8.4.15/generic/tkImgGIF.c	2007-09-17 09:28:42.000000000 +0200
@@ -995,7 +995,7 @@
 	 */
 	if (interlace) {
 	    ypos += interlaceStep[pass];
-	    while (ypos >= height) {
+	    while (ypos >= rows) {
 		pass++;
 		if (pass > 3) {
 		    return TCL_OK;
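Review bot: the one-line change in the interlace branch (`while (ypos >= rows)`) carries no explanation of why `rows` rather than `height` is the correct bound for `ypos`, and neither variable's definition is visible in the hunk context. Since this line is the entire fix for CVE-2007-5137, add a header comment at the top of tk-gifoverflow.patch stating what the two variables represent, why the old bound was wrong, and where the fix came from (upstream change or bug reference), so a later rebase can tell whether the patch is still needed.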


Index: tk.spec
===================================================================
RCS file: /cvs/pkgs/rpms/tk/F-7/tk.spec,v
retrieving revision 1.39
retrieving revision 1.40
diff -u -r1.39 -r1.40
--- tk.spec	20 Feb 2007 18:07:27 -0000	1.39
+++ tk.spec	15 Oct 2007 14:31:08 -0000	1.40
@@ -3,7 +3,7 @@
 Summary: The graphical toolkit for the Tcl scripting language
 Name: tk
 Version: %{majorver}.13
-Release: 5%{?dist}
+Release: 6%{?dist}
 Epoch:   1
 License: BSD
 Group: Development/Languages
@@ -22,6 +22,7 @@
 Patch3: tk-8.4-no_rpath.patch
 Patch4: tk-8.4.13-autoconf.patch
 Patch5: tk-8.4.13-cflags.patch
+Patch6: tk-gifoverflow.patch
 
 %description
 When paired with the Tcl scripting language, Tk provides a fast and powerful
@@ -49,6 +50,7 @@
 %patch3 -p1 -b .3-rpath
 %patch4 -p1 -b .4-ac213
 %patch5 -p1 -b .5-cflags
+%patch6 -p1 -b .6-gif
 
 # patch1 touches tcl.m4
 %build
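Review bot: `%patch6 -p1 -b .6-gif` applies a patch whose file headers name `tk8.4.15/generic/tkImgGIF.c`, while this spec sets `Version: %{majorver}.13` and the new changelog entry says 8.4.13. `-p1` strips the leading directory, so the path resolves, but the hunk position (line 995) comes from a different source tree. Confirm in the %prep output that it applies without offset or fuzz and lands in the intended interlace loop, and consider regenerating the patch against the 8.4.13 sources.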
@@ -117,6 +119,9 @@
 %{_mandir}/man3/*
 
 %changelog
+* Mon Oct 15 2007 Marcela Maslanova <mmaslano at redhat.com> - 1:8.4.13-6
+- CVE-2007-5137 gif buffer overflow
+
 * Thu Feb 20 2007 Marcela Maslanova <mmaslano at redhat.com> - 1:8.4.13-5
 - rhbz#226494 review again
 



