New Version released. Three new security fixes in addition to Bug #52867 (last version). Perhaps a GLSA is needed this time. Reproducible: Always Steps to Reproduce: 1. 2. 3.
Created attachment 34897 [details, diff] opera-7.52.ebuild.patch Just changed the OPERAVER and OPERAFTPDIR. This workes on my box. I added a warning message, because the new version will overwrite existing search.ini's (see changelog).
Heinrich could you have a look and bump accordingly?
add 7.52 to portage and marked stable on x86
stable sparc and amd64. ppc might need to remove the shared version like sparc did as it uses gcc-2.95
Note that we don't really need ppc stable on this one since it has never been stable on ppc anyway. This is ready for a GLSA.
GLSA drafted: security please review Heinrich please remove older vulnerable versions if they are not needed.
From FD http://lists.netsys.com/pipermail/full-disclosure/2004-July/023601.html A vulnerability is found in the Opera browser version 7.52 , which potentially can be exploited by malicious people to conduct phishing attacks against a user. The issue may be caused due to a race condition and will sometimes make it possible to display spoofed information in the address bar via a specially crafted HTML document. Tested on WindowsXP SP1. --- Just tested on: Version 7.52 Final Build 727 Platform Linux And it is vulnerable.
I jsut noticed... portage 2.0.50 does not like the arch? ( static? ( ) ) in SRC_URI.. .51 is fine with it. >>> Downloading http://distro.ibiblio.org/pub/Linux/distrib --14:00:16-- http://distro.ibiblio.org/pub/Linux/distribut => `/mnt/raid0/gentoo/distfiles/!static' Resolving distro.ibiblio.org... 152.2.210.109 Connecting to distro.ibiblio.org[152.2.210.109]:80... conne HTTP request sent, awaiting response... 404 Not Found 14:00:19 ERROR 404: Not Found.
eradicator: get rid of cvs in FEATURES
Filed a bug upstream to be sure they are aware of this and try to get a release date : bug-147177@bugs.opera.com
Answer from opera : "We are aware of it and have a fix internally. It is going through QA and will be released farily soon." GLSA will be delayed until Opera 7.53 (?) is out.
Just an FYI Opera 7.53 has been released to the FTPs, although it hasn't been mentioned on the website. Changing the version info in the 7.52 eBuild is all that is needed to get it to merge without problem.
Lanius : could you bump the ebuild in CVS ? Thanks in advance :)
bumped to 7.53 and marked stable
GLSA 200407-15