Bug 264831 (CVE-2009-1234)

Summary:	<www-client/opera-10 DoS (crash) (CVE-2009-1234)
Product:	Gentoo Security	Reporter:	Alex Legler (RETIRED) <a3li>
Component:	Vulnerabilities	Assignee:	Gentoo Security <security>
Status:	RESOLVED FIXED
Severity:	minor	CC:	jer
Priority:	High
Version:	unspecified
Hardware:	All
OS:	Linux
Whiteboard:	B3 [glsa]
Package list:		Runtime testing required:	---

Description Alex Legler (RETIRED) archtester

2009-04-04 06:49:32 UTC

CVE-2009-1234 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1234):
  Opera 9.64 allows remote attackers to cause a denial of service
  (application crash) via an XML document containing a long series of
  start-tags with no corresponding end-tags.

Comment 1 Stefan Behte (RETIRED) gentoo-dev

2009-04-23 17:25:41 UTC

This might be considered a non-issue if it just causes opera to crash...

Comment 2 Alex Legler (RETIRED) archtester

2009-09-22 12:13:58 UTC

Seems to be fixed in 10.0 which is already stabilized.

Comment 3 Tobias Heinlein (RETIRED) gentoo-dev

2009-10-20 19:21:13 UTC

A request is in for bug 264831, so this can easily be included. I vote YES.

Comment 4 Stefan Behte (RETIRED) gentoo-dev

2009-10-26 23:10:29 UTC

Yes, too. (You meant #283391, this is #264831)

Comment 5 GLSAMaker/CVETool Bot gentoo-dev

2012-06-15 17:39:59 UTC

This issue was resolved and addressed in
 GLSA 201206-03 at http://security.gentoo.org/glsa/glsa-201206-03.xml
by GLSA coordinator Sean Amoss (ackle).