Your message dated Tue, 11 Nov 2008 16:29:04 -0500
with message-id <[EMAIL PROTECTED]>
and subject line re: #505363
has caused the Debian Bug report #505363,
regarding tk8.4: CVE-2008-0533 buffer overrun flaw
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [EMAIL PROTECTED]
immediately.)


-- 
505363: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=505363
Debian Bug Tracking System
Contact [EMAIL PROTECTED] with problems
--- Begin Message ---
Package: tk8.4
Version: 8.4.19-2
Severity: important

ubuntu has just released "fixes" for a buffer overrun flaw in tk [1].
they describe the problem as:

 It was discovered that Tk could be made to overrun a buffer when loading
 certain images. If a user were tricked into opening a specially crafted
 GIF image, remote attackers could cause a denial of service or execute
 arbitrary code with user privileges.

i am setting the severity important (rather than grave) since the
debian security tracker [2] already says that the problem is
"not-for-us," so it may not affect debian at all.  maybe ubuntu has
once again overreacted by "fixing" a problem that isn't really a
problem?

[1] http://www.ubuntu.com/usn/USN-664-1
[2] http://security-tracker.debian.net/tracker/CVE-2008-0533



--- End Message ---
--- Begin Message ---
i apologize, this was a typo on my part.  the correct CVE is
CVE-2008-0553, which has been fixed in debian [1].

[1] http://security-tracker.debian.net/tracker/CVE-2008-0553


--- End Message ---
