Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 324189 (CVE-2010-1349) - <www-client/opera-10.50: Integer overflow (CVE-2010-1349)
Summary: <www-client/opera-10.50: Integer overflow (CVE-2010-1349)
Status: RESOLVED FIXED
Alias: CVE-2010-1349
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: High normal (vote)
Assignee: Gentoo Security
URL: http://www.opera.com/support/kb/view/...
Whiteboard: B2 [glsa]
Keywords:
Depends on:
Blocks:
 
Reported: 2010-06-15 21:05 UTC by Matthias Geerdsen (RETIRED)
Modified: 2012-06-15 17:40 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Matthias Geerdsen (RETIRED) gentoo-dev 2010-06-15 21:05:30 UTC 
CVE-2010-1349 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1349):
  Integer overflow in Opera 10.10 through 10.50 allows remote attackers
  to execute arbitrary code via a large Content-Length value, which
  triggers a heap overflow.
Comment 1 Jeroen Roovers (RETIRED) gentoo-dev 2010-06-16 05:26:39 UTC 
This isn't going anywhere until there's a 10.60 or beyond that upstream calls stable.
Comment 2 Tim Sammut (RETIRED) gentoo-dev 2010-11-26 23:49:06 UTC 
Vulnerable versions are no longer in the tree.

GLSA with bug 283391 and friends.
Comment 3 GLSAMaker/CVETool Bot gentoo-dev 2012-06-15 17:40:33 UTC 
This issue was resolved and addressed in
 GLSA 201206-03 at http://security.gentoo.org/glsa/glsa-201206-03.xml
by GLSA coordinator Sean Amoss (ackle).