226079 2008-06-12 14:29 0000 www-client/opera <9.50 - Multiple vulnerabilities (CVE-2008-{2714,2715,2716}) 2008-06-23 11:54:29 0000 1 1 1 Unclassified Gentoo Security Vulnerabilities unspecified All Linux RESOLVED FIXED http://www.opera.com/docs/changelogs/linux/950/#security B3 [noglsa] P2 minor --- 226139 1 jer@gentoo.org security@gentoo.org jer@gentoo.org 2008-06-12 14:29:01 0000 Advisories: http://www.opera.com/support/search/view/878/ http://www.opera.com/support/search/view/883/ http://www.opera.com/support/search/view/885/ From the [URL]: * Fixed an issue where certain characters could obscure the page address, as reported by Tony Thomas. See our advisory. * Solved an issue where Images could be read cross-domain with canvas, as reported by Philip Taylor. See our advisory. * Pages held in frames are no longer able to change the location of pages in unrelated frames on the parent page. See our advisory. * Improved Fraud Protection now includes advanced malware prevention and upgraded phishing detection technologies. See article: Opera Fraud Protection. * Added support for Extended Validation (EV) certificates. * Added automatic downloading of trusted root certificates when required. * Disabled SSL v2 and weak ciphers. * Improvements made to certificate handling, the new certificate repository and the certificates UI. * Introduced a new security notification scheme in the address field: + black padlock with a check mark on green field for secure sites with Extended Validation + black padlock without a check mark on yellow field for regular secure sites question mark on gray field for HTTPS sites with issues + no notification for normal sites + fraud warning on red field for blacklisted sites * Opera now distinguishes between local servers on localhost, intranet servers, and remote servers on the Internet. * Local servers can use remote resources, but not vice versa. jer@gentoo.org 2008-06-12 14:31:08 0000 Oh, and it's in the tree. This should be as easy as a call for stabilisation from amd64, ppc, x86 and x86-fbsd. :) rbu@gentoo.org 2008-06-12 15:00:08 0000 Arches, please test and mark stable: =www-client/opera-9.50 Target keywords : "amd64 ppc release sparc x86" rbu@gentoo.org 2008-06-12 15:01:22 0000 (In reply to comment #0) > http://www.opera.com/support/search/view/878/ According to the description, this issue has been addressed in 9.26 already, so it does not affect our stable. fauli@gentoo.org 2008-06-13 06:50:00 0000 x86 stable armin76@gentoo.org 2008-06-13 09:43:46 0000 Opera dropped support for sparc, so nothing we can do about it. dertobi123@gentoo.org 2008-06-13 15:04:21 0000 ppc stable ken69267@gentoo.org 2008-06-13 15:35:09 0000 amd64 stable rbu@gentoo.org 2008-06-14 14:26:38 0000 (In reply to comment #5) > Opera dropped support for sparc, so nothing we can do about it. In which case we should either p.mask the old Opera releases on sparc, or drop their sparc keywords. jer@gentoo.org 2008-06-15 21:30:40 0000 (In reply to comment #8) > (In reply to comment #5) > > Opera dropped support for sparc, so nothing we can do about it. > > In which case we should either p.mask the old Opera releases on sparc, or drop > their sparc keywords. It's a closed source package, so keywords are added and dropped as versions per architecture are available. I have no opinion on whether to keep 9.27 p.masked and with all keywords except sparc dropped. SPARC team should decide about this. pva@gentoo.org 2008-06-16 16:43:40 0000 Fixed in release snapshot. armin76@gentoo.org 2008-06-17 09:54:08 0000 Okay, feel free to p.mask it and keep the sparc keyword. jer@gentoo.org 2008-06-17 15:28:26 0000 (In reply to comment #11) > Okay, feel free to p.mask it and keep the sparc keyword. It is done. Now is the time for sparc workstation users to ask Opera, Inc. loudly to support their arch again. :) rbu@gentoo.org 2008-06-18 23:19:25 0000 GLSA vote, I vote NO. vorlon@gentoo.org 2008-06-23 11:54:29 0000 agreed -> noglsa