Version in base suite: 8.4.9-1sarge1 Version in overlay suite: 8.4.9-1sarge2 Base version: tk8.4_8.4.9-1sarge1 Target version: tk8.4_8.4.9-1sarge2 Base file: /org/ftp.debian.org/ftp/pool/main/t/tk8.4/tk8.4_8.4.9-1sarge1.dsc Target file: /org/ftp.debian.org/ftp/pool/main/t/tk8.4/tk8.4_8.4.9-1sarge2.dsc
diff -u tk8.4-8.4.9/generic/tkImgGIF.c tk8.4-8.4.9/generic/tkImgGIF.c
--- tk8.4-8.4.9/generic/tkImgGIF.c
+++ tk8.4-8.4.9/generic/tkImgGIF.c
@@ -825,6 +825,12 @@
 Tcl_PosixError(interp), (char *) NULL);
 return TCL_ERROR;
 }
+
+ if (initialCodeSize > MAX_LWZ_BITS) {
+ Tcl_SetResult(interp, "malformed image", TCL_STATIC);
+ return TCL_ERROR;
+ }
+
 if (transparent != -1) {
 cmap[transparent][CM_RED] = 0;
 cmap[transparent][CM_GREEN] = 0;
diff -u tk8.4-8.4.9/debian/changelog tk8.4-8.4.9/debian/changelog
--- tk8.4-8.4.9/debian/changelog
+++ tk8.4-8.4.9/debian/changelog
@@ -1,3 +1,9 @@
+tk8.4 (8.4.9-1sarge2) oldstable-security; urgency=high
+
+ * Fix CVE-2008-0553
+
+ -- Moritz Muehlenhoff Thu, 7 Feb 2008 23:29:32 +0000
+
 tk8.4 (8.4.9-1sarge1) oldstable-security; urgency=high
 
 * Applied patches by Nico Golde which correctly fix security
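Review bot: The new guard in the tkImgGIF.c hunk rejects `initialCodeSize > MAX_LWZ_BITS` but lets the equality case through, and whether `initialCodeSize == MAX_LWZ_BITS` is safe depends on how the rest of the decoder derives its code width and sizes its prefix/append tables from this value, which is outside the hunk; if the first code width is `initialCodeSize + 1` and the tables hold `1 << MAX_LWZ_BITS` entries, `>=` would be the safer bound, so this should be confirmed against the full function. The check also carries no comment saying why it exists; a one-liner such as `/* CVE-2008-0553: reject an LZW code size larger than the decoder's tables can hold */` would record that. For consistency with the read-error path just above it, which reports through Tcl_AppendResult with an "error reading GIF image: " prefix, the new message could be `Tcl_AppendResult(interp, "error reading GIF image: malformed image", (char *) NULL);`. The enclosing function starts and ends outside the hunk.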