Tcl Tk vulnerabilities
2 known vulnerabilities affecting tcl/tcl_tk.
Total CVEs: 2
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown
CRITICAL: 1, MEDIUM: 1
Vulnerabilities
CVE-2016-2337 | CRITICAL | CVSS 9.8 | v8.6 or later | 2017-01-06
Type confusion exists in the _cancel_eval method of Ruby's TclTkIp class. An attacker passing an object of a type other than String as the "retval" argument can cause arbitrary code execution.
cvelistv5, nvd
CVE-2007-4772 | MEDIUM | CVSS 4.0 | CWE-399 | fixed in 8.4.17 | 2008-01-09
The regular expression parser in TCL before 8.4.17, as used in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, and 7.4 before 7.4.19, allows context-dependent attackers to cause a denial of service (infinite loop) via a crafted regular expression.
nvd