Bugzilla Bug 147838

According to this

According to this¹ site, Opera, similar to the recently fixed openssl and
mozilla packages, accepts faked ssl certificates as well.


[1] http://www.cdc.informatik.tu-darmstadt.de/securebrowser/

This should be fixed in 9.02.

*** Bug 148489 has been marked as a duplicate of this bug. ***

Axxo, 9.02 is available. Please bump.

Huh, isn't that 9.02 RC2, still?

/me kicks squid :(

Created an attachment (id=97697) [details]
opera 9.02 ebuild

Created an attachment (id=97698) [details]
opera 9.02 install patch

put into files/ directory with ebuild

(In reply to comment #6)
> Created an attachment (id=97697) [edit] [details]
> opera 9.02 ebuild
> 

(In reply to comment #7)
> Created an attachment (id=97698) [edit] [details]
> opera 9.02 install patch
> 
> put into files/ directory with ebuild
> 

Sorry, both of you. As bug 146702 shows, the ebuild has been in the tree for a
few decaminutes and the stabilisation procedure has started. This bug depends
on the stabilisation bug.

www-client/opera-9.02 is stable on all arches.

This one is ready for GLSA vote.

*cough* stabling of security bugs should be handled on the related security bug
report, not on other bug reports ...

@Jeroen, Tobias is right. We usually mark stable on the security bug so arches
know what is up.

(In reply to comment #12)
> @Jeroen, Tobias is right. We usually mark stable on the security bug so arches
> know what is up.

Right. Could you point me toward the relevant documentation?

http://www.gentoo.org/security/en/vulnerability-policy.xml
http://www.gentoo.org/security/en/coordinator_guide.xml

Only some parts of the GLSA Coordinator Guide are relevant.

If you have any questions just pop in #-security and ask.

Now back to bug voting :-)

tending to vote yes

Security please vote.

Since it contains a fix for the same problem as GLSA'd openssl/gnutls I say
YES.

Voting YES. Let's have a GLSA.

GLSA 200609-18

thanks everyone