Gentoo Bug 240500 - www-client/opera <9.60 - Multiple vulnerabilities (CVE-2008-4694,CVE-2008-4695)

Bug List: (This bug is not in your last search results) Show last search results Search page Enter new bug

Bug#:	240500
Alias:
Product:
Component:
Status:	RESOLVED
Resolution:	FIXED
Assigned To:	Gentoo Security <security@gentoo.org>

Hardware:
OS:
Version:
Priority:
Severity:

Reporter:	Jeroen Roovers <jer@gentoo.org>
Add CC:
CC:

URL:
Summary:
Status Whiteboard:
Keywords:

Flags:			Requestee:
	Pending
	Approved
	Assigned_To		()

Filename	Description	Type	Creator	Created	Size	Actions
Create a New Attachment (proposed patch, testcase, etc.)						View All

Bug 240500 depends on:			Show dependency tree
Bug 240500 blocks:			Show dependency tree

Additional Comments: (this is where you put emerge --info)

Add to CC list

Not eligible to see or edit group visibility for this bug.

Leave as RESOLVED FIXED
Reopen bug
Mark bug as VERIFIED
Mark bug as CLOSED

View Bug Activity | Format For Printing | XML | Clone This Bug

Description:

Opened: 2008-10-08 12:41 0000

* Fixed an issue where specially crafted addresses could execute arbitrary
code, as reported by Chris of Matasano Security; see our advisory[1]
* Java applets can no longer be used to read sensitive information, as reported
by Nate McFeters; see our advisory[2]

[1] http://www.opera.com/support/search/view/901/
[2] http://www.opera.com/support/search/view/902/

www-client/opera-9.60 fixes these and an ebuild is in the tree.

------- Comment #1 From Robert Buchholz 2008-10-08 15:51:52 0000 -------

Arches, please test and mark stable:
=www-client/opera-9.60
Target keywords : "amd64 ppc sparc x86"

------- Comment #2 From Robert Buchholz 2008-10-08 15:52:56 0000 -------

no sparc, as usual.

------- Comment #3 From Markus Meier 2008-10-09 20:13:37 0000 -------

amd64/x86 stable

------- Comment #4 From Tobias Scherbaum 2008-10-11 17:59:54 0000 -------

ppc stable

------- Comment #5 From Tobias Heinlein 2008-10-13 18:57:32 0000 -------

GLSA together with bug 235298.

------- Comment #6 From Robert Buchholz 2008-10-22 18:03:42 0000 -------

 CVE-2008-4694 code execution using redirects to crafted addresses
 CVE-2008-4695  Java applets cache file read

------- Comment #7 From Tobias Heinlein 2008-11-03 19:01:41 0000 -------

GLSA 200811-01, thanks everyone and sorry about the delay.

Bug List: (This bug is not in your last search results) Show last search results Search page Enter new bug

Bugzilla Bug 240500

www-client/opera <9.60 - Multiple vulnerabilities (CVE-2008-4694,CVE-2008-4695)

Last modified: 2008-11-03 19:01:41 0000