= Security = * Improvements * ) Tightened security policies in several locations ) Fixed a moderately severe issue. Details will be disclosed at a later date. ) Fixed an issue where data URIs could be used to initiate cross site scripting against unrelated sites, as reported by Michal Zalewski of the Google Security Team; see our advisory[1]. ) Fixed an issue with error pages that could cause a system crash, as reported through JPCERT; see our advisory[2]. [1] http://www.opera.com/support/kb/view/995/ [2] http://www.opera.com/support/kb/view/996/ Arch teams, please test and mark stable: =www-client/opera-11.50.1074 Target KEYWORDS="amd64 x86"
amd64: opera seems to not connect to the installed adobe-flash Otherwise it works
Tested on x86, looks good over here and even flash is working! :-)
what's the secret????
(In reply to comment #3) > what's the secret???? hehe :-) I would tend to say that flash in it self is the problem on amd64!? ;-) Honestly, i don't know and haven't done anything special...
amd64 ok
(In reply to comment #1) > amd64: > > opera seems to not connect to the installed adobe-flash Could be bug #363387 but over there I see three different platforms with perhaps two different issues (the one in the Summary and maybe one other). This isn't the place to have that discussion all over again, even if bug #363387 isn't either.
amd64/x86 stable, thanks Ian, Andreas and Agostino. All arches done.
GLSA Vote: no.
CVE-2011-1337 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1337): Opera before 11.50 allows remote attackers to cause a denial of service (disk consumption) via invalid URLs that trigger creation of error pages.
CVE-2010-2665 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2665): Cross-site scripting (XSS) vulnerability in Opera before 10.54 on Windows and Mac OS X, and before 10.11 on UNIX platforms, allows remote attackers to inject arbitrary web script or HTML via a data: URI, related to incorrect detection of the "opening site."
Vote: YES. Added to pending GLSA request.
This issue was resolved and addressed in GLSA 201206-03 at http://security.gentoo.org/glsa/glsa-201206-03.xml by GLSA coordinator Sean Amoss (ackle).
