Summary: | www-client/opera < 9.25 Multiple vulnerabilities (CVE-2007-{6520,6521,6522,6524}) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | ollonois <ollonois> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | jer |
Priority: | High | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://www.opera.com/docs/changelogs/linux/925/ | ||
Whiteboard: | B2 [glsa] | ||
Package list: | Runtime testing required: | --- |
Description
ollonois
2007-12-19 11:38:10 UTC
Thanks for reporting this to us, ollonois. Jeroen, please advise. www-client/opera-9.25 is in CVS. Arches, please test and mark stable www-client/opera-9.25. Target keywords : "amd64 ppc sparc x86" x86 stable Stable for sparc. Appears to work fine. ppc stable amd64 stable All arches done, GLSA request filed. CVE ids were assigned as follows: CVE-2007-6520: Opera before 9.25 allows remote attackers to conduct cross-domain scripting attacks via unknown vectors related to plug-ins. CVE-2007-6521 Unspecified vulnerability in Opera before 9.25 allows remote attackers to execute arbitrary code via crafted TLS certificates. CVE-2007-6522 The rich text editing functionality in Opera before 9.25 allows remote attackers to conduct cross-domain scripting attacks by using designMode to modify contents of pages in other domains. CVE-2007-6524 Opera before 9.25 allows remote attackers to obtain potentially sensitive memory contents via a crafted bitmap (BMP) file. GLSA 200712-22 |