475832 – <www-client/opera-12.16_p1860 ships a leaked certificate

Bug 475832 - <www-client/opera-12.16_p1860 ships a leaked certificate

Summary: <www-client/opera-12.16_p1860 ships a leaked certificate

Status:	RESOLVED FIXED

Alias:	None

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal minor (vote)
Assignee:	Gentoo Security

URL:	http://www.opera.com/security/advisor...
Whiteboard:	B4 [noglsa]
Keywords:

Depends on:
Blocks:

Reported:	2013-07-05 12:56 UTC by Jeroen Roovers (RETIRED)
Modified:	2013-08-29 10:51 UTC (History)
CC List:	0 users

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Jeroen Roovers (RETIRED) gentoo-dev

2013-07-05 12:56:19 UTC

Opera Software recently experienced an attack on the internal infrastructure[1]. Following best practices, Opera Software is replacing signing certificates in Opera with newly issued certificates. Certificates in Opera include the code signing certificate for desktop binaries and the signing certificate for automatic updates to browser.js[2]. Opera's rootstore was not affected by the attack and certificates used for accessing HTTPS websites are unchanged by this update.

[1] http://my.opera.com/securitygroup/blog/2013/06/26/opera-infrastructure-attack
[2] http://www.opera.com/docs/browserjs/

Comment 1 Agostino Sarubbo gentoo-dev

2013-07-05 18:21:21 UTC

amd64 stable

Comment 2 Agostino Sarubbo gentoo-dev

2013-07-05 18:21:55 UTC

x86 stable

Comment 3 Chris Reffett (RETIRED) gentoo-dev

2013-07-07 12:33:54 UTC

Stable, no vulnerable in tree, GLSA?

Comment 4 Chris Reffett (RETIRED) gentoo-dev

2013-08-27 03:31:22 UTC

GLSA vote: no.

Comment 5 Sergey Popov gentoo-dev

2013-08-29 10:51:45 UTC

GLSA vote: no

Closing as noglsa