-
tk8.4 (8.4.16-2ubuntu1.1) hardy-security; urgency=low
* SECURITY UPDATE: buffer overflow and potential arbitrary code execution
via crafted GIF image (LP: #191204)
- debian/patches/cve-2008-0553.diff fix from upstream for
generic/tkImgGIF.c to validate initialCodeSize
- http://tktoolkit.cvs.sourceforge.net/tktoolkit/tk/generic/tkImgGIF.c?r1=1.40&r2=1.41
- CVE-2008-0553
-- Marc Deslauriers <email address hidden> Tue, 04 Nov 2008 12:50:30 -0500
-
tk8.4 (8.4.16-2ubuntu1) hardy; urgency=low
* debian/rules: quote CFLAGS when passing to the shell, not when
assigning to a make variable; otherwise the quotes end up as part of
the variable and many things go wrong, leading to a build failure.
LP: #194564.
* Modify Maintainer value to match the DebianMaintainerField
specification.
-- Steve Langasek <email address hidden> Mon, 25 Feb 2008 18:00:24 +0000
-
tk8.4 (8.4.16-2) unstable; urgency=low
* Removed TK_INC_DIR from tkConfig.sh and tcl.m4.
* Added -fno-unit-at-a-time option to match tcl8.4 build options.
* Moved architecture independent files from /usr/lib/tk8.4 to
/usr/share/tcltk/tk8.4. To keep backward compatibility tkConfig.sh is
linked into /usr/lib/tk8.4 directory.
* Fixed bug with update-alternatives in prerm script.
* Removed conflicts with tcl and providing tcl-dev packages from
debian/control to prepare binary packages for default tcl and tcl-dev.
* Added Homepage field to debian/control.
* Fixed segfault in case if only scalable fonts are available and the best
scored font is infeasible (closes: #444546).
* Rearranged conflicts of tk8.4-doc package because of planned adoption of
real tk-doc package.
tk8.4 (8.4.16-1) unstable; urgency=low
* New upstream version.
* Cleaned up patches in debian/patches.
* Added patch by Massimo Dal Zotto with workaround for scalable fonts
treated as fixed.
* Added /usr/lib/tcl8.4 to a search path for tclConfig.sh and /usr/lib/tk8.4
to a search path for tkConfig.sh in tcl.m4.
* Removed 10 years old patch which increases PIL (Python imaging library)
bitmaps loading performance.
* Added uscan control file debian/watch.
* Bumped debhelper compatibility to 5.
tk8.4 (8.4.15-2) unstable; urgency=low
* Added Sergei Golovan to uploaders list.
* Removed tk-dev from packages, conflicting with tk8.4-dev. It allows to
install tk8.4-dev aside with tk8.3-dev (they aren't conflicting by files).
* Removed --enable-64bit configure option from debian/rules.
* Replaced deprecated ${Source-Version} substitution variable by
${binary:Version}.
* Moved menu item from obsolete Apps to Applications section.
-- Philipp Kern <email address hidden> Thu, 22 Nov 2007 07:25:45 +0000
-
tk8.4 (8.4.15-1ubuntu1) gutsy; urgency=low
* SECURITY UPDATE: buffer overflow and potential arbitrary code execution
via crafted GIF image
* fix for generic/tkImgGIF.c to properly handle files with smaller later
frames
* References
CVE-2007-5137
LP: #151008
* Modify Maintainer value to match the DebianMaintainerField
specification.
-- Jamie Strandboge <email address hidden> Tue, 09 Oct 2007 17:21:10 +0000