"A virtual function call on an invalid pointer that may reference data crafted by the attacker can be used to execute arbitrary code."
9.23 fixes it. Not in the tree yet.
www-client/opera-9.23 is in CVS.
My proposal for severity is B2 and I hope security team is not pissed when I cc arches.
Please mark stable www-client/opera-9.23, thanks. x86 stable.
sparc stable, and unmasked it - otherwise it's no good for anyone!
ppc stable, ready for glsa (voting?)
merging GLSA with bug 185497. No vote needed, it's A2 (code execution)
GLSA 200708-17, combined with bug 185497. Thanks everybody!