libtk-img: CVE-2008-0553 buffer overflow in ReadImage() leading to arbitrary code execution via crafted GIF

Related Vulnerabilities: CVE-2008-0553, CVE-2006-4484

Debian Bug report logs - #485785


Reported by: Nico Golde <nion@debian.org>

Date: Wed, 11 Jun 2008 12:54:01 UTC

Severity: grave

Tags: patch, security

Fixed in version libtk-img/1:1.3-release-7

Done: Sergei Golovan <sgolovan@debian.org>

Bug is archived. No further changes may be made.




Report forwarded to debian-bugs-dist@lists.debian.org, Sergei Golovan <sgolovan@debian.org>:
Bug#485785; Package libtk-img.

Acknowledgement sent to Nico Golde <nion@debian.org>:
New Bug report received and forwarded. Copy sent to Sergei Golovan <sgolovan@debian.org>.

Message #5 received at submit@bugs.debian.org:

From: Nico Golde <nion@debian.org>
To: submit@bugs.debian.org
Subject: libtk-img: CVE-2008-0553 buffer overflow in ReadImage() leading to arbitrary code execution via crafted GIF
Date: Wed, 11 Jun 2008 14:50:52 +0200
Package: libtk-img
Severity: grave
Tags: security patch

Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for libtk-img.

CVE-2008-0553[0]:
| Stack-based buffer overflow in the ReadImage function in tkImgGIF.c in
| Tk (Tcl/Tk) before 8.5.1 allows remote attackers to execute arbitrary
| code via a crafted GIF image, a similar issue to CVE-2006-4484.

This also affects gif/gif.c in libtk-img and is fixed in 
upstream commit:
http://tkimg.svn.sourceforge.net/viewvc/tkimg/trunk/gif/gif.c?r1=132&r2=135&view=patch&pathrev=135

If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0553
    http://security-tracker.debian.net/tracker/CVE-2008-0553

-- 
Nico Golde - http://www.ngolde.de - nion@jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.

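The CVE text above says only that ReadImage() overflows a stack buffer while decoding a crafted GIF and that the issue resembles CVE-2006-4484. Neither the Tk nor the tkimg source is on this page, so the following is an added example written for this log, not Tk's tkImgGIF.c, not tkimg's gif/gif.c and not the upstream patch linked above. It walks the GIF fields a LZW decoder consumes before it starts writing into its fixed-size tables and rejects values those tables and buffers cannot hold. Two things are assumptions here: that the image geometry and the LZW minimum code size are the attacker-controlled fields worth checking (the page does not say which field drove the overflow), and the limit MAX_LWZ_BITS = 12, which is the widest LZW code the GIF format allows. The three sample streams are constructed for the example.

```c
/* Added example: bounds-checked walk to the first image's LZW data in a GIF.
 * Not the tkImgGIF.c / gif/gif.c code; the fields checked are an assumption. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_LWZ_BITS 12   /* widest LZW code GIF allows; decoder tables hold 1<<12 entries */

typedef struct {
    uint16_t screen_w, screen_h;          /* logical screen descriptor */
    uint16_t left, top, width, height;    /* first image descriptor */
    uint8_t  min_code_size;               /* LZW minimum code size byte */
    size_t   data_len;                    /* LZW payload across all sub-blocks */
} gif_image_info;

static uint16_t le16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }

/* Skip a chain of data sub-blocks; returns payload length, -1 if it runs off the buffer. */
static long skip_sub_blocks(const uint8_t *buf, size_t len, size_t *pos)
{
    long total = 0;
    for (;;) {
        if (*pos >= len) return -1;
        uint8_t n = buf[(*pos)++];
        if (n == 0) return total;          /* block terminator */
        if (len - *pos < n) return -1;
        *pos += n;
        total += n;
    }
}

/* Parse through the first image's LZW data. Returns 0 and fills info, or -1 with *err set. */
int gif_check_first_image(const uint8_t *buf, size_t len, gif_image_info *info, const char **err)
{
    size_t pos = 13;                       /* 6-byte signature + 7-byte logical screen descriptor */
    memset(info, 0, sizeof *info);
    if (len < 13 || (memcmp(buf, "GIF87a", 6) && memcmp(buf, "GIF89a", 6))) {
        *err = "not a GIF header"; return -1;
    }
    info->screen_w = le16(buf + 6);
    info->screen_h = le16(buf + 8);
    if (buf[10] & 0x80) {                  /* global colour table present */
        size_t gct = 3u * (1u << ((buf[10] & 7) + 1));
        if (len - pos < gct) { *err = "truncated global colour table"; return -1; }
        pos += gct;
    }
    for (;;) {
        if (pos >= len) { *err = "truncated stream"; return -1; }
        uint8_t b = buf[pos++];
        if (b == 0x3B) { *err = "trailer before any image"; return -1; }
        if (b == 0x21) {                   /* extension: one label byte, then sub-blocks */
            if (pos >= len) { *err = "truncated extension"; return -1; }
            pos++;
            if (skip_sub_blocks(buf, len, &pos) < 0) { *err = "truncated extension"; return -1; }
            continue;
        }
        if (b != 0x2C) { *err = "unknown block introducer"; return -1; }
        if (len - pos < 9) { *err = "truncated image descriptor"; return -1; }
        info->left  = le16(buf + pos);     info->top    = le16(buf + pos + 2);
        info->width = le16(buf + pos + 4); info->height = le16(buf + pos + 6);
        uint8_t packed = buf[pos + 8];
        pos += 9;
        if (packed & 0x80) {               /* local colour table */
            size_t lct = 3u * (1u << ((packed & 7) + 1));
            if (len - pos < lct) { *err = "truncated local colour table"; return -1; }
            pos += lct;
        }
        if (info->width == 0 || info->height == 0) { *err = "empty image"; return -1; }
        /* Buffers sized from the logical screen but filled by image size overflow
         * unless the image is confined to the screen; reject rather than clamp. */
        if ((uint32_t)info->left + info->width  > info->screen_w ||
            (uint32_t)info->top  + info->height > info->screen_h) {
            *err = "image extends past the logical screen"; return -1;
        }
        if (pos >= len) { *err = "missing LZW minimum code size"; return -1; }
        info->min_code_size = buf[pos++];
        /* The first code width is min_code_size + 1; the decoder's prefix/suffix
         * tables hold 1 << MAX_LWZ_BITS entries, so anything wider indexes past them. */
        if (info->min_code_size < 2 || info->min_code_size + 1 > MAX_LWZ_BITS) {
            *err = "LZW minimum code size out of range"; return -1;
        }
        long n = skip_sub_blocks(buf, len, &pos);
        if (n < 0) { *err = "truncated image data"; return -1; }
        info->data_len = (size_t)n;
        *err = NULL;
        return 0;
    }
}

/* Constructed samples: a 1x1 two-colour GIF and two single-byte mutations of it. */
static const uint8_t GOOD_GIF[] = {
    'G','I','F','8','9','a', 1,0, 1,0, 0x80, 0,0,  /* signature, 1x1 screen, GCT flag */
    0,0,0, 0xFF,0xFF,0xFF,                        /* two-entry global colour table */
    0x2C, 0,0, 0,0, 1,0, 1,0, 0x00,               /* image descriptor: 1x1 at (0,0) */
    0x02, 0x02, 0x44, 0x01, 0x00,                 /* min code size 2, one 2-byte sub-block */
    0x3B };
static const uint8_t BAD_CODESIZE_GIF[] = {      /* min code size 13: first code 14 bits wide */
    'G','I','F','8','9','a', 1,0, 1,0, 0x80, 0,0, 0,0,0, 0xFF,0xFF,0xFF,
    0x2C, 0,0, 0,0, 1,0, 1,0, 0x00, 0x0D, 0x02, 0x44, 0x01, 0x00, 0x3B };
static const uint8_t OVERSIZED_GIF[] = {         /* 65535x1 image on a 1x1 screen */
    'G','I','F','8','9','a', 1,0, 1,0, 0x80, 0,0, 0,0,0, 0xFF,0xFF,0xFF,
    0x2C, 0,0, 0,0, 0xFF,0xFF, 1,0, 0x00, 0x02, 0x02, 0x44, 0x01, 0x00, 0x3B };

int main(void)
{
    const uint8_t *s[3] = { GOOD_GIF, BAD_CODESIZE_GIF, OVERSIZED_GIF };
    size_t n[3] = { sizeof GOOD_GIF, sizeof BAD_CODESIZE_GIF, sizeof OVERSIZED_GIF };
    for (int i = 0; i < 3; i++) {
        gif_image_info info; const char *err;
        int rc = gif_check_first_image(s[i], n[i], &info, &err);
        printf("sample %d: %s\n", i, rc == 0 ? "accepted" : err);
    }
    return 0;
}
```

The check on the code size is the one that matters for table-driven LZW decoders: the tables are sized at compile time for 12-bit codes, so the only defence against a file that asks for more is to refuse it before the first code is read. The geometry check is stricter than some decoders, which clamp an oversized image to the screen instead of rejecting it; rejecting is the safer default for a library that takes untrusted files.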
Information forwarded to debian-bugs-dist@lists.debian.org, Sergei Golovan <sgolovan@debian.org>:
Bug#485785; Package libtk-img.

Acknowledgement sent to "Sergei Golovan" <sgolovan@nes.ru>:
Extra info received and forwarded to list. Copy sent to Sergei Golovan <sgolovan@debian.org>.

Message #10 received at 485785@bugs.debian.org:

From: "Sergei Golovan" <sgolovan@nes.ru>
To: "Nico Golde" <nion@debian.org>, 485785@bugs.debian.org
Subject: Re: Bug#485785: libtk-img: CVE-2008-0553 buffer overflow in ReadImage() leading to arbitrary code execution via crafted GIF
Date: Thu, 12 Jun 2008 08:15:25 +0200
On Wed, Jun 11, 2008 at 2:50 PM, Nico Golde <nion@debian.org> wrote:
>
> Hi,
> the following CVE (Common Vulnerabilities & Exposures) id was
> published for libtk-img.

I'll upload a fixed package on Sunday (June 15). Thanks for the report!

Is the stable security team informed about this vulnerability, or should
I write them a mail?

-- 
Sergei Golovan

Information forwarded to debian-bugs-dist@lists.debian.org, Sergei Golovan <sgolovan@debian.org>:
Bug#485785; Package libtk-img.

Acknowledgement sent to Nico Golde <nion@debian.org>:
Extra info received and forwarded to list. Copy sent to Sergei Golovan <sgolovan@debian.org>.

Message #15 received at 485785@bugs.debian.org:

From: Nico Golde <nion@debian.org>
To: Sergei Golovan <sgolovan@nes.ru>
Cc: 485785@bugs.debian.org
Subject: Re: Bug#485785: libtk-img: CVE-2008-0553 buffer overflow in ReadImage() leading to arbitrary code execution via crafted GIF
Date: Thu, 12 Jun 2008 11:34:09 +0200
Hi Sergei,
* Sergei Golovan <sgolovan@nes.ru> [2008-06-12 10:33]:
> On Wed, Jun 11, 2008 at 2:50 PM, Nico Golde <nion@debian.org> wrote:
> > the following CVE (Common Vulnerabilities & Exposures) id was
> > published for libtk-img.
> 
> I'll upload a fixed package on Sunday (June 15). Thanks for the report!
> 
> Is the stable security team informed about this vulnerability, or should
> I write them a mail?

They are aware of this through our security tracker.
Still if you have the time to prepare an update for stable 
that would help I think.
Cheers
Nico

-- 
Nico Golde - http://www.ngolde.de - nion@jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.

Reply sent to Sergei Golovan <sgolovan@debian.org>:
You have taken responsibility.

Notification sent to Nico Golde <nion@debian.org>:
Bug acknowledged by developer.

Message #20 received at 485785-close@bugs.debian.org:

From: Sergei Golovan <sgolovan@debian.org>
To: 485785-close@bugs.debian.org
Subject: Bug#485785: fixed in libtk-img 1:1.3-release-7
Date: Sun, 15 Jun 2008 16:32:02 +0000
Source: libtk-img
Source-Version: 1:1.3-release-7

We believe that the bug you reported is fixed in the latest version of
libtk-img, which is due to be installed in the Debian FTP archive:

libtk-img-dev_1.3-release-7_i386.deb
  to pool/main/libt/libtk-img/libtk-img-dev_1.3-release-7_i386.deb
libtk-img-doc_1.3-release-7_all.deb
  to pool/main/libt/libtk-img/libtk-img-doc_1.3-release-7_all.deb
libtk-img_1.3-release-7.diff.gz
  to pool/main/libt/libtk-img/libtk-img_1.3-release-7.diff.gz
libtk-img_1.3-release-7.dsc
  to pool/main/libt/libtk-img/libtk-img_1.3-release-7.dsc
libtk-img_1.3-release-7_i386.deb
  to pool/main/libt/libtk-img/libtk-img_1.3-release-7_i386.deb

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 485785@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Sergei Golovan <sgolovan@debian.org> (supplier of updated libtk-img package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Sun, 15 Jun 2008 19:47:36 +0400
Source: libtk-img
Binary: libtk-img libtk-img-dev libtk-img-doc
Architecture: source all i386
Version: 1:1.3-release-7
Distribution: unstable
Urgency: high
Maintainer: Sergei Golovan <sgolovan@debian.org>
Changed-By: Sergei Golovan <sgolovan@debian.org>
Description: 
 libtk-img  - Extended image format support for Tcl/Tk (runtime)
 libtk-img-dev - Extended image format support for Tcl/Tk (development files)
 libtk-img-doc - Extended image format support for Tcl/Tk (manual pages)
Closes: 482710 485785
Changes: 
 libtk-img (1:1.3-release-7) unstable; urgency=high
 .
   * Fixed CVE-2008-0553 vulnerability (Stack-based buffer overflow in the
     ReadImage function in tkImgGIF.c allows remote attackers to execute
     arbitrary code via a crafted GIF image, a similar issue to CVE-2006-4484.)
     Thanks Nico Golde for the patch. Closes: #485785.
   * Set urgency to high as this upload fixes a security vulnerability.
   * Protected quilt invocation in debian/rules to make it possible to convert
     bwidget source package to 3.0 (quilt) format (closes: #482710).
   * Bumped standards version to 3.8.0.
Files: 
 11e571379a64af8433324d435ff6bf34 1179 libs optional libtk-img_1.3-release-7.dsc
 72b83f53330a3c234ad6403059560d41 30469 libs optional libtk-img_1.3-release-7.diff.gz
 5492eccd415fc26c4ad24437fdee7191 89068 doc optional libtk-img-doc_1.3-release-7_all.deb
 78d006d00c0aa7687bf01fc1c6c2490f 119812 libs optional libtk-img_1.3-release-7_i386.deb
 91a5f7eea9264d0ef2ed42e6d9308b9b 59644 libdevel optional libtk-img-dev_1.3-release-7_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFIVUIgIcdH02pGEFIRAobxAJoD8TxrBOOUV3NyGmfpidOnbKpnDwCePDxF
PWMFz5MKN9XxwYgdo04vanU=
=F339
-----END PGP SIGNATURE-----

Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sun, 27 Jul 2008 07:34:30 GMT)