[Frugalware-darcs] homepage-ng: FSA193-tcl

voroskoi voroskoi at frugalware.org
Thu Jun 7 12:19:59 CEST 2007

Darcsweb-Url: http://darcs.frugalware.org/darcsweb/darcsweb.cgi?r=homepage-ng;a=darcs_commitdiff;h=20070607101223-dd049-9bdd12c2577a513395f3596c8ce9e786266719a1.gz;

voroskoi <voroskoi at frugalware.org>**20070607101223] {
hunk ./frugalware/xml/security.xml 29
+	<fsa>
+		<id>193</id>
+		<date>2007-06-07</date>
+		<author>voroskoi</author>
+		<package>tcl</package>
+		<vulnerable>8.4.14-1</vulnerable>
+		<unaffected>8.4.15-1terminus1</unaffected>
+		<bts>http://bugs.frugalware.org/task/2118</bts>
+		<cve>http://cve.mitre.org/cgi-bin/cvename.cgi?name=3DCVE-2007-2877</cve>
+		<desc>Martin Lemburg has reported a security issue in Tcl, which potenti=
ally can be exploited by malicious, local users to gain escalated privilege=
s. The security issue is caused due to a boundary error within tcl/win/tclW=
inReg.c when processing overly long registry key names. This can be exploit=
ed to cause a buffer overflow by e.g. creating a malicious registry key and=
 enticing another user to query it with an application using Tcl.</desc>
+	</fsa>

More information about the Frugalware-darcs mailing list