CVE-2007-5137

Note

CVE only affects feisty and gutsy tk8.4.  These releases have a fix
for tcl/tk bug #1458234, which either introduced or unmasked the issue in
this CVE (investigate). Bug #1458234 is a memory corruption crasher as well,
and though it doesn't have a CVE, it should be fixed. tk8.3 is affected by
#1458234 in all releases, so when fixing it, be sure to fix the CVE as well.
tk8.4 in dapper and edgy need both fixes too.

Package	Release	Status
libtk-img Launchpad, Ubuntu, Debian	dapper	Ignored (end of life)
	gutsy	Ignored (end of life, was needed)
	hardy	Ignored (end of life)
	intrepid	Released (1:1.3-release-7+lenny1build0.8.10.1)
	jaunty	Not vulnerable
	karmic	Not vulnerable
	lucid	Not vulnerable
	maverick	Not vulnerable
	natty	Not vulnerable
	oneiric	Not vulnerable
	upstream	Released (1:1.3-release-8)
tk8.3 Launchpad, Ubuntu, Debian	dapper	Released (8.3.5-4ubuntu1.1)
	edgy	Released (8.3.5-6ubuntu1.1)
	feisty	Released (8.3.5-6ubuntu2.1)
	hardy	Not vulnerable (8.3.5-12ubuntu1)
	intrepid	Not vulnerable
	jaunty	Not vulnerable
	karmic	Not vulnerable
	lucid	Not vulnerable
	maverick	Not vulnerable
	natty	Not vulnerable
	oneiric	Does not exist
	upstream	Released (8.3.5-9)
tk8.4 Launchpad, Ubuntu, Debian	dapper	Released (8.4.12-0ubuntu1.1)
	edgy	Released (8.4.12-1ubuntu0.1)
	feisty	Released (8.4.14-0ubuntu2.1)
	hardy	Not vulnerable (8.4.16-2ubuntu1)
	intrepid	Not vulnerable
	jaunty	Not vulnerable
	karmic	Not vulnerable
	lucid	Not vulnerable
	maverick	Not vulnerable
	natty	Not vulnerable
	oneiric	Not vulnerable
	upstream	Released (8.4.16)

CVE-2007-5137

Notes

Priority

Status

References

Join the discussion

Canonical is offering Expanded Security Maintenance

Further reading