Package: tk8.4
Version: 8.4.19-2
Severity: important

ubuntu has just released "fixes" for a buffer overrun flaw in tk [1]. they describe the problem as:

  It was discovered that Tk could be made to overrun a buffer when loading certain images. If a user were tricked into opening a specially crafted GIF image, remote attackers could cause a denial of service or execute arbitrary code with user privileges.

i am setting the severity important (rather than grave) since the debian security tracker [2] already says that the problem is "not-for-us," so it may not affect debian at all. maybe ubuntu has once again overreacted by "fixing" a problem that isn't really a problem?

[1] http://www.ubuntu.com/usn/USN-664-1
[2] http://security-tracker.debian.net/tracker/CVE-2008-0533

