Bug 240500 - www-client/opera <9.60 - Multiple vulnerabilities (CVE-2008-4694,CVE-2008-4695)
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: High normal
Assignee: Gentoo Security
Whiteboard: B2 [glsa]
Depends on:
Reported: 2008-10-08 12:41 UTC by Jeroen Roovers (RETIRED)
Modified: 2008-11-03 19:01 UTC
Description Jeroen Roovers (RETIRED) gentoo-dev 2008-10-08 12:41:28 UTC
* Fixed an issue where specially crafted addresses could execute arbitrary code, as reported by Chris of Matasano Security; see our advisory[1]
* Java applets can no longer be used to read sensitive information, as reported by Nate McFeters; see our advisory[2]


www-client/opera-9.60 fixes these and an ebuild is in the tree.
Comment 1 Robert Buchholz (RETIRED) gentoo-dev 2008-10-08 15:51:52 UTC
Arches, please test and mark stable:
Target keywords : "amd64 ppc sparc x86"
Comment 2 Robert Buchholz (RETIRED) gentoo-dev 2008-10-08 15:52:56 UTC
no sparc, as usual.
Comment 3 Markus Meier gentoo-dev 2008-10-09 20:13:37 UTC
amd64/x86 stable
Comment 4 Tobias Scherbaum (RETIRED) gentoo-dev 2008-10-11 17:59:54 UTC
ppc stable
Comment 5 Tobias Heinlein (RETIRED) gentoo-dev 2008-10-13 18:57:32 UTC
GLSA together with bug 235298.
Comment 6 Robert Buchholz (RETIRED) gentoo-dev 2008-10-22 18:03:42 UTC
CVE-2008-4694 code execution using redirects to crafted addresses
CVE-2008-4695 Java applets cache file read
Comment 7 Tobias Heinlein (RETIRED) gentoo-dev 2008-11-03 19:01:41 UTC
GLSA 200811-01, thanks everyone and sorry about the delay.