Bug#: 196164
Status: RESOLVED
Resolution: FIXED
Assigned To: Gentoo Security <security@gentoo.org>
Reporter: Marko Steinberger <marko.steinberger@gmail.com>

Description:   Opened: 2007-10-17 13:02 0000
Version bump for opera. Fixes at least two security issues on Linux.

Reproducible: Always

------- Comment #1 From Christian Faulhammer 2007-10-17 13:03:35 0000 -------

*** This bug has been marked as a duplicate of bug 195386 ***

------- Comment #2 From Jeroen Roovers 2007-10-17 14:12:55 0000 -------
It's not a duplicate.

------- Comment #3 From Jeroen Roovers 2007-10-17 14:13:47 0000 -------
Thanks for reporting, Marko.

------- Comment #4 From Jakub Moc (RETIRED) 2007-10-17 14:16:21 0000 -------
Fixing screwed bug status...

------- Comment #5 From Jakub Moc (RETIRED) 2007-10-17 14:16:35 0000 -------

*** This bug has been marked as a duplicate of bug 195386 ***

------- Comment #6 From Jeroen Roovers 2007-10-17 14:17:09 0000 -------
Bugzilla sucks.

------- Comment #7 From Jakub Moc (RETIRED) 2007-10-17 14:18:02 0000 -------
???

*** This bug has been marked as a duplicate of bug 195386 ***

------- Comment #8 From Jeroen Roovers 2007-10-17 14:18:18 0000 -------
Committing the ebuild as we speak.

------- Comment #9 From Robert Buchholz 2007-10-17 14:44:39 0000 -------
This bug is not a duplicate, as the security issues fixed are not the ones in
bug 195386:

* Fixed an issue where external news readers and e-mail clients could be used
to execute arbitrary code, as reported by Michael A. Puls II.
http://www.opera.com/support/search/view/866/

* Fixed an issue where scripts could overwrite functions on pages from other
domains. Issue reported to Opera by David Bloom.
http://www.opera.com/support/search/view/867/

Jeroen, is 9.24 ok for stabling?

------- Comment #10 From Jeroen Roovers 2007-10-17 14:56:56 0000 -------
(In reply to comment #9)
> This bug is not a duplicate, as the security issues fixed are not the ones in
> bug 195386:

Well, they may be...

As for stabilisation, the way it usually goes with Opera is upstream does a
security release, I commit an ebuild as soon as possible and then we stabilise
it as soon as possible. So yes, we're good to go stable. :)

------- Comment #11 From Robert Buchholz 2007-10-17 16:11:02 0000 -------
Arches, please test and mark stable www-client/opera-9.24
Targets: "amd64 ppc sparc x86"

------- Comment #12 From Christian Faulhammer 2007-10-17 18:36:57 0000 -------
x86 stable

------- Comment #13 From Ferris McCormick 2007-10-18 12:09:42 0000 -------
Sparc done.

------- Comment #14 From Tobias Scherbaum 2007-10-18 16:57:58 0000 -------
ppc stable

------- Comment #15 From Robert Buchholz 2007-10-21 00:14:58 0000 -------
CVE-2007-5540 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5540):
  Unspecified vulnerability in Opera before 9.24 allows remote attackers to
  overwrite functions on pages from other domains and bypass the same-origin
  policy via unknown vectors.

CVE-2007-5541 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5541):
  Unspecified vulnerability in Opera before 9.24, when using an "external"
  newsgroup or e-mail client, allows remote attackers to execute arbitrary
  commands via unknown vectors.

------- Comment #16 From Thomas Anderson (tanderson) 2007-10-21 23:51:04 0000 -------
====amd64====

On amd64 everything is working fine.

Portage 2.1.3.9 (default-linux/amd64/2007.0/desktop, gcc-4.1.2, glibc-2.6.1-r0,
2.6.22-gentoo-r8 x86_64)
=================================================================
System uname: 2.6.22-gentoo-r8 x86_64 AMD Athlon(tm) 64 Processor 3400+
Timestamp of tree: Sun, 21 Oct 2007 01:47:01 +0000
ccache version 2.4 [enabled]
app-shells/bash:     3.2_p17
dev-lang/python:     2.4.4-r5
dev-python/pycrypto: 2.0.1-r6
dev-util/ccache:     2.4-r7
sys-apps/baselayout: 1.12.9-r2
sys-apps/sandbox:    1.2.17
sys-devel/autoconf:  2.13, 2.61-r1
sys-devel/automake:  1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2, 1.10
sys-devel/binutils:  2.18-r1
sys-devel/gcc-config: 1.3.16
sys-devel/libtool:   1.5.24
virtual/os-headers:  2.6.22-r2
ACCEPT_KEYWORDS="amd64"
CBUILD="x86_64-pc-linux-gnu"
CFLAGS="-march=athlon64 -Os -pipe"
CHOST="x86_64-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/kde/3.5/env /usr/kde/3.5/share/config
/usr/kde/3.5/shutdown /usr/share/X11/xkb /usr/share/config"
CONFIG_PROTECT_MASK="/etc/env.d /etc/gconf /etc/revdep-rebuild /etc/terminfo
/etc/udev/rules.d"
CXXFLAGS="-march=athlon64 -Os -pipe"
DISTDIR="/distfiles"
FEATURES="ccache collision-protect distlocks metadata-transfer multilib-strict
parallel-fetch sandbox sfperms strict test unmerge-orphans userfetch"
GENTOO_MIRRORS="http://distfiles.gentoo.org
http://distro.ibiblio.org/pub/linux/distributions/gentoo"
MAKEOPTS="-j2"
PKGDIR="/usr/portage/packages"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress
--force --whole-file --delete --delete-after --stats --timeout=180
--exclude=/distfiles --exclude=/local --exclude=/packages
--filter=H_**/files/digest-*"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY="/usr/portage/local/kde /overlay /usr/portage/local/kde"
SYNC="rsync://kv80/gentoo-portage"
USE="X acl acpi aim alsa amd64 arts berkdb bitmap-fonts branding cairo cli
cracklib crypt cups dbus dri dvd dvdread emboss encode esd evo fam firefox
fortran gdbm gif gpm gstreamer hal iconv imap ipv6 isdnlog jpeg kde kerberos
mad midi mikmod mmx mp3 mpeg mqsli mudflap mysql ncurses nls nptl nptlonly
nvidia ogg opengl openmp oss pam pcre pdf perl png pppd python qt3 qt3support
quicktime readline reflection sdl session sockets spell spl sqlite3 sse sse2
ssl svg tcpd test tiff truetype truetype-fonts type1-fonts unicode vim vorbis
xcomposite xine xml xorg xv zlib" ALSA_CARDS="ali5451 als4000 atiixp
atiixp-modem bt87x ca0106 cmipci emu10k1x ens1370 ens1371 es1938 es1968 fm801
hda-intel intel8x0 intel8x0m maestro3 trident usb-audio via82xx via82xx-modem
ymfpci" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug
file hooks iec958 ioplug ladspa lfloat linear meter mulaw multi null plug rate
route share shm softvol" ELIBC="glibc" INPUT_DEVICES="keyboard mouse evdev"
KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001
mtxorb ncurses text" USERLAND="GNU" VIDEO_CARDS="nvidia"
Unset:  CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LANG, LC_ALL, LDFLAGS,
LINGUAS, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS

------- Comment #17 From Christoph Mende 2007-10-22 00:43:21 0000 -------
amd64 stable

------- Comment #18 From Christian Faulhammer 2007-10-22 05:55:40 0000 -------
Ready for GLSA request

------- Comment #19 From Pierre-Yves Rofes 2007-10-30 22:19:14 0000 -------
GLSA 200710-31
