Our old friend Tavis Ormandy discovered the following:
"Specially crafted JPEG images can cause Opera to corrupt memory and crash. Successful exploitation can lead to execution of arbitrary code."
Opera rates this as Extremely Severe
jer, please provide an ebuild
CC'ing jer ;)
opera-9.64.ebuild is in the tree.
Arches, please test and mark stable:
Target keywords : "amd64 ppc x86"
(In reply to comment #3)
> Arches, please test and mark stable:
Obviously wrong, the target is
x86 stable, all arches done, please proceed to GLSA.
GLSA 200903-30, thanks everyone.
Opera before 9.64 allows remote attackers to execute arbitrary code
via a crafted JPEG image that triggers memory corruption.
Opera before 9.64 allows remote attackers to conduct cross-domain
scripting attacks via unspecified vectors related to plug-ins.
Unspecified vulnerability in Opera before 9.64 has unknown impact and
attack vectors, related to a "moderately severe issue."
I have added the CVE-2009-0914 reference to GLSA 200903-30. No need to send it again, and no need to process the other assigned CVEs.