Arch teams, please test and mark stable:
=www-client/opera-10.60
Target KEYWORDS="amd64 ppc x86 ~x86-fbsd"

= Security =

* Improved *
Implemented validation of certificates used in widget signatures using OCSP

* Fixed *
- Fixed vulnerability in Renegotiation feature of the TLS protocol; see our advisory (http://www.opera.com/support/search/view/944/)
- Fixed an issue which could be used to trick users into uploading unexpected files, as reported by Andrew Valums; see our advisory (http://www.opera.com/support/search/view/958/).
- Fixed exposure of widget properties to third party domains; see our advisory (http://www.opera.com/support/search/view/959/).
- Fixed an issue where file inputs could disclose the path to selected files; see our advisory (http://www.opera.com/support/search/view/960/).
- Fixed an issue which could allow certain characters to be used for domain name spoofing; see our advisory (http://www.opera.com/support/search/view/961/).

And from the 10.60 beta 1 changelog:

= Security =

* Fixed *
- After accepting a certificate, SSL negotiation fails in some circumstances
- Not being able to install a Skandiabanken CA certificate
- Not being able to accept a self-signed certificate

And there's probably more.
x86 stable
Needs media-libs/libpng-1.4 when USE=gtk.
amd64 stable
Stable for PPC.
=www-client/opera-10.11 is now package.masked.
GLSA Vote: No; looks like the most severe impact is an info leak.
We have an opera GLSA pending, it will be added there.
CVE-2010-2664 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2664):
Opera before 10.60 allows remote attackers to cause a denial of service (application hang) via certain HTML content that has an unclosed SPAN element with absolute positioning.

CVE-2010-2663 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2663):
Opera before 10.60 allows remote attackers to cause a denial of service (application hang) via an ended event handler that changes the SRC attribute of an AUDIO element.
This issue was resolved and addressed in GLSA 201206-03 at http://security.gentoo.org/glsa/glsa-201206-03.xml by GLSA coordinator Sean Amoss (ackle).