Date: Fri, 2 May 2008 11:47:16 +0200 From: Tomas Hoger <thoger@...hat.com> To: oss-security@...ts.openwall.com Cc: coley@...re.org Subject: CVE-2008-0553 / CVE-2006-4484 also affects tkimg Hi! It was brought to our attention that tkimg uses / forks tk gif handling code and is affected by CVE-2008-0553 (as used for tk) / CVE-2006-4484 (as used for gd). http://tkimg.svn.sourceforge.net/viewvc/tkimg?view=rev&revision=135 Tk fix: http://tktoolkit.cvs.sourceforge.net/tktoolkit/tk/generic/tkImgGIF.c?r1=1.40&r2=1.41 tkimg changelog uses CVE-2006-4484 (as it's used in the tk commit message as well), but CVE-2008-0553 should probably be used here. -- Tomas Hoger / Red Hat Security Response Team
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.