| Summary: | www-client/opera - ssl/dns spoofing vulnerability | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Carsten Lohrke (RETIRED) <carlo> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | normal | CC: | axxo, denilsonsa, jer |
| Priority: | High | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| URL: | http://www.cdc.informatik.tu-darmstadt.de/securebrowser/ | | |
| Whiteboard: | B3? [glsa] jaervosz | | |
| Package list: | | Runtime testing required: | --- |
| Bug Depends on: | 146702 | | |
| Bug Blocks: | | | |
| Attachments: | | | |

Description
Carsten Lohrke (RETIRED)
2006-09-16 11:12:31 UTC
According to this¹ site, Opera, similar to the recently fixed openssl and mozilla packages, accepts faked ssl certificates as well.

[1] http://www.cdc.informatik.tu-darmstadt.de/securebrowser/

This should be fixed in 9.02.

*** Bug 148489 has been marked as a duplicate of this bug. ***

Axxo, 9.02 is available. Please bump.

Huh, isn't that 9.02 RC2, still?

/me kicks squid :(

Created attachment 97697
opera 9.02 ebuild

Created attachment 97698
opera 9.02 install patch

put into files/ directory with ebuild

(In reply to comment #6)
> Created an attachment (id=97697) [edit]
> opera 9.02 ebuild
>

(In reply to comment #7)
> Created an attachment (id=97698) [edit]
> opera 9.02 install patch
>
> put into files/ directory with ebuild
>

Sorry, both of you. As bug 146702 shows, the ebuild has been in the tree for a few decaminutes and the stabilisation procedure has started.

This bug depends on the stabilisation bug.

www-client/opera-9.02 is stable on all arches. This one is ready for GLSA vote.

*cough* stabling of security bugs should be handled on the related security bug report, not on other bug reports ...

@Jeroen, Tobias is right. We usually mark stable on the security bug so arches know what is up.

(In reply to comment #12)
> @Jeroen, Tobias is right. We usually mark stable on the security bug so arches
> know what is up.

Right. Could you point me toward the relevant documentation?

http://www.gentoo.org/security/en/vulnerability-policy.xml
http://www.gentoo.org/security/en/coordinator_guide.xml

Only some parts of the GLSA Coordinator Guide are relevant. If you have any questions just pop in #-security and ask. Now back to bug voting :-)

tending to vote yes

Security please vote.

Since it contains a fix for the same problem as GLSA'd openssl/gnutls I say YES.

Voting YES. Let's have a GLSA.

GLSA 200609-18

thanks everyone