Version in base suite: 8.3.5-4 Version in overlay suite: (not present) Base version: tk8.3_8.3.5-4 Target version: tk8.3_8.3.5-4sarge1 Base file: /org/ftp.debian.org/ftp/pool/main/t/tk8.3/tk8.3_8.3.5-4.dsc Target file: /org/ftp.debian.org/queue/o-p-u-new/tk8.3_8.3.5-4sarge1.dsc
diff -u tk8.3-8.3.5/debian/changelog tk8.3-8.3.5/debian/changelog
--- tk8.3-8.3.5/debian/changelog
+++ tk8.3-8.3.5/debian/changelog
@@ -1,3 +1,9 @@
+tk8.3 (8.3.5-4sarge1) oldstable-security; urgency=high
+
+  * Fix CVE-2008-0553.
+
+ -- Moritz Muehlenhoff  Thu, 7 Feb 2008 23:12:57 +0000
+
 tk8.3 (8.3.5-4) unstable; urgency=low
 
   * Added support for GNU/FreeBSD (closes: #200530).
only in patch2:
unchanged:
--- tk8.3-8.3.5.orig/generic/tkImgGIF.c
+++ tk8.3-8.3.5/generic/tkImgGIF.c
@@ -808,6 +808,12 @@
                 Tcl_PosixError(interp), (char *) NULL);
         return TCL_ERROR;
     }
+
+    if (initialCodeSize > MAX_LWZ_BITS) {
+        Tcl_SetResult(interp, "malformed image", TCL_STATIC);
+        return TCL_ERROR;
+    }
+
     if (transparent!=-1) {
         cmap[transparent][CM_RED] = 0;
         cmap[transparent][CM_GREEN] = 0;
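Review bot: The new `if (initialCodeSize > MAX_LWZ_BITS)` guard in the tkImgGIF.c hunk carries no comment saying why MAX_LWZ_BITS is the bound, so a later reader cannot tell whether it is a format limit or a buffer-size limit without chasing the table declarations elsewhere in the function, whose body starts and ends outside the hunk. The value presumably comes straight from the image file (the preceding lines report a read error), and as far as I recall this file the LZW decoder's code tables are sized by 1<<MAX_LWZ_BITS, which is what makes a larger value dangerous; the hunk itself only shows the comparison, so that should be confirmed against the declarations. Suggest placing `/* initialCodeSize is read from the file; the LZW tables below are sized by MAX_LWZ_BITS, so a larger value would index past them (CVE-2008-0553). */` directly above the `if`. The check is upper-bound only; whether code sizes below the GIF minimum of 2 are handled safely by the decoder is not visible here and is worth checking in the same place.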