First Last Prev Next    No search results available      Search page      Enter new bug
Bug#: 230633
Alias:
Product:
Component:
Status: RESOLVED
Resolution: FIXED
Assigned To: Gentoo Security <security@gentoo.org>
Hardware:
OS:
Version:
Priority:
Severity:
Reporter: georgia_tech_swagger <gts@ncaabbs.com>
Add CC:
CC:
Remove selected CCs
URL:
Summary:
Status Whiteboard:
Keywords:
Flags: Requestee:
 
 
  ()

Filename Description Type Creator Created Size Actions
Create a New Attachment (proposed patch, testcase, etc.) View All

Bug 230633 depends on: Show dependency tree
Show dependency graph
Bug 230633 blocks:

Additional Comments: (this is where you put emerge --info)







View Bug Activity   |   Format For Printing   |   XML   |   Clone This Bug

Description:   Opened: 2008-07-03 13:54 0000 
http://www.opera.com/download/linux/

Version bump ftw ;)

------- Comment #1 From Carsten Lohrke 2008-07-03 15:19:37 0000 ------- 
Please do not file 0'day requests. When the maintainer doesn't react within a
week, it's early enough to do so.

------- Comment #2 From Jeroen Roovers 2008-07-03 20:45:45 0000 ------- 
(In reply to comment #0)
> http://www.opera.com/download/linux/
> 
> Version bump ftw ;)

Thank you very much for reporting. Sorry I couldn't respond sooner.

Please don't be discouraged by the request not to file "0-day" requests. I've
never seen any developer respond badly to such early version bump request
filings - especially with cases such as this one, where there are security
vulnerabilities to fix.

------- Comment #3 From Jeroen Roovers 2008-07-03 20:48:48 0000 ------- 
== Security ==
* Fixed an issue where <canvas> functions could reveal data from random places
in memory, as reported by Philip Taylor. See our advisory[1].
* Security status is now correctly set when navigating from HTTP to HTTPS.
* Corrected an issue related to OCSP and CRLs[2] that would lower security. 
Note: This will take effect with the weekly update, or when checking manually
for an update (Help > Check for Updates).

[1] http://www.opera.com/support/search/view/887/
[2]
http://my.opera.com/yngve/blog/2008/06/27/nobody-checks-the-padlock-debunked-by-opera-users

------- Comment #4 From Carsten Lohrke 2008-07-03 21:47:36 0000 ------- 
(In reply to comment #2)
> Please don't be discouraged by the request not to file "0-day" requests. I've
> never seen any developer respond badly to such early version bump request
> filings - especially with cases such as this one, where there are security
> vulnerabilities to fix.

Are you trying to start a pissing contest? This is my copy and paste standard
phrase for "early" version bump requests. Quite a number of devs are not amused
by a certain subset of users filing requests for software the second the
release announcement is out. Most of us find more time-consuming bug spam in
our inboxes, than we like. Filing a bug wrt. a vulnerabilty ASAP is fine of
course, but I really do not have the time to look up for every single version
bump request, if this may be the case. Bug has been assigned, so all is fine
and there's no point to send bug spam my way should this happen again in
future. Thanks.

------- Comment #5 From Jeroen Roovers 2008-07-03 22:59:38 0000 ------- 
# ChangeLog for www-client/opera
# Copyright 2002-2008 Gentoo Foundation; Distributed under the GPL v2
# $Header: /var/cvsroot/gentoo-x86/www-client/opera/ChangeLog,v 1.255
2008/07/03 22:52:38 jer Exp $

*opera-9.51 (03 Jul 2008)

  03 Jul 2008; Jeroen Roovers <jer@gentoo.org> +opera-9.51.ebuild:
  Version bump thanks to georgia_tech_swagger (bug #230633). Allow amd64 users
  to choose any x86 version (bug #227339).

------- Comment #6 From Robert Buchholz 2008-07-03 23:34:59 0000 ------- 
Arches, please test and mark stable:
=www-client/opera-9.51
Target keywords : "amd64 ppc sparc x86"

------- Comment #7 From Jeroen Roovers 2008-07-03 23:59:21 0000 ------- 
@amd64: It's probably a good idea to mask the new `ia32' USE flag (bug # for
more info) generally and then unmask it for amd64, while you're at it. :)

------- Comment #8 From Christian Faulhammer 2008-07-04 06:42:59 0000 ------- 
x86 stable

------- Comment #9 From Raúl Porcel 2008-07-04 18:25:58 0000 ------- 
no 9.5x versions on sparc, so nothing to do here

------- Comment #10 From Thomas Anderson 2008-07-04 21:00:14 0000 ------- 
amd64 stable

------- Comment #11 From Tobias Scherbaum 2008-07-05 10:30:59 0000 ------- 
ppc stable

------- Comment #12 From Jeroen Roovers 2008-07-05 15:10:17 0000 ------- 
Removed <www-client/opera-9.51.

------- Comment #13 From Matthias Geerdsen 2008-07-07 13:58:20 0000 ------- 
voting for NO glsa

------- Comment #14 From Pierre-Yves Rofes 2008-07-07 14:10:30 0000 ------- 
voting NO too and closing.
First Last Prev Next    No search results available      Search page      Enter new bug