From ${URL} : Description A weakness and a vulnerability have been reported in Opera, where one has an unknown impact and the other can be exploited by malicious people to disclose potentially sensitive information. 1) The weakness is caused due to the application allowing cookies to be set for top-level domains, which may lead to the cookie being exposed to other websites under the same top-level domain. 2) An unspecified error exists. No further information is currently available. The weakness and a vulnerability are reported in version 12.14. Prior versions may also be affected. Solution Update to version 12.15. Provided and/or discovered by 1) Reported by the vendor 2) The vendor credits Attila Suszter Original Advisory Opera: http://www.opera.com/docs/changelogs/unified/1215/
* Fixed a moderately severe issue, as reported by Attila Suszter; details will be disclosed at a later date. * Added safeguards against attacks on the RC4 encryption protocol; see our advisory[1]. * Fixed an issue where cookies could be set for a top-level domain; see our advisory[2]. [1] http://www.opera.com/security/advisory/1046 [2] http://www.opera.com/security/advisory/1047
Arch teams, please test and mark stable: =www-client/opera-12.15_p1748 Stable KEYWORDS : amd64 x86
amd64 stable
x86 stable
GLSA vote: no.
CVE-2013-3211 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3211): Unspecified vulnerability in Opera before 12.15 has unknown impact and attack vectors, related to a "moderately severe issue." CVE-2013-3210 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3210): Opera before 12.15 does not properly block top-level domains in Set-Cookie headers, which allows remote attackers to obtain sensitive information by leveraging control of a different web site in the same top-level domain.
GLSA vote: no Closing as noglsa