188987 2007-08-15 13:23 0000 www-client/opera < 9.23 - arbitrary code execution 2007-08-22 22:43:23 0000 1 1 1 Unclassified Gentoo Security Vulnerabilities unspecified All Linux RESOLVED FIXED http://www.opera.com/support/search/view/865/ B2 [glsa] P2 normal --- 1 fauli@gentoo.org security@gentoo.org jer@gentoo.org fauli@gentoo.org 2007-08-15 13:23:35 0000 "Fixed a JavaScript security issue discovered with Mozilla's jsfunfuzz tool. See our advisory." [...] "A virtual function call on an invalid pointer that may reference data crafted by the attacker can be used to execute arbitrary code." 9.23 fixes it. Not in the tree yet. jer@gentoo.org 2007-08-15 14:24:53 0000 www-client/opera-9.23 is in CVS. fauli@gentoo.org 2007-08-15 15:55:55 0000 My proposal for severity is B2 and I hope security team is not pissed when I cc arches. Please mark stable www-client/opera-9.23, thanks. x86 stable. gustavoz@gentoo.org 2007-08-15 16:23:34 0000 sparc stable, and unmasked it - otherwise it's no good for anyone! angelos@gentoo.org 2007-08-15 17:13:11 0000 amd64 stable dertobi123@gentoo.org 2007-08-15 21:27:30 0000 ppc stable, ready for glsa (voting?) falco@gentoo.org 2007-08-20 09:38:17 0000 merging GLSA with bug 185497. No vote needed, it's A2 (code execution) falco@gentoo.org 2007-08-22 22:43:23 0000 GLSA 200708-17, combined with bug 185497. Thanks everybody!