400573 – <www-client/opera-11.61.1250 - XSS and information disclosure

Bug 400573 - <www-client/opera-11.61.1250 - XSS and information disclosure

Summary: <www-client/opera-11.61.1250 - XSS and information disclosure

Status:	RESOLVED FIXED

Alias:	None

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal minor (vote)
Assignee:	Gentoo Security

URL:	http://www.opera.com/docs/changelogs/...
Whiteboard:	B4 [noglsa]
Keywords:

Depends on:
Blocks:

Reported:	2012-01-24 10:57 UTC by Jeroen Roovers (RETIRED)
Modified:	2012-02-20 21:51 UTC (History)
CC List:	0 users

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Jeroen Roovers (RETIRED) gentoo-dev

2012-01-24 10:57:37 UTC

= Fixed an issue where manipulation of framed content can allow cross-site scripting, as reported by Michal Zalewski; see our advisory[1]
= Fixed an issue here script events could be used to reveal the presence of local files; see our advisory[2]

Arch teams, please test and mark stable:
=www-client/opera-11.61.1250
Target KEYWORDS="amd64 x86"


[1] http://www.opera.com/support/kb/view/1007/
[2] http://www.opera.com/support/kb/view/1008/

Comment 1 Thomas Kahle (RETIRED) gentoo-dev

2012-01-24 13:38:44 UTC

x86 done. Thanks

Comment 2 Agostino Sarubbo gentoo-dev

2012-01-24 13:48:33 UTC

amd64 stable



@security, please vote

Comment 3 Tim Sammut (RETIRED) gentoo-dev

2012-01-26 05:38:03 UTC

Thanks, folks. GLSA Vote: no.

Comment 4 Sean Amoss (RETIRED) gentoo-dev

2012-02-20 21:51:33 UTC

Vote: no, too. Closing [noglsa]