New Version released.
Three new security fixes in addition to Bug #52867 (last version). Perhaps a GLSA is needed this time.
Steps to Reproduce:
Created attachment 34897 [details, diff]
Just changed the OPERAVER and OPERAFTPDIR. This workes on my box.
I added a warning message, because the new version will overwrite existing
search.ini's (see changelog).
Heinrich could you have a look and bump accordingly?
add 7.52 to portage and marked stable on x86
stable sparc and amd64.
ppc might need to remove the shared version like sparc did as it uses gcc-2.95
Note that we don't really need ppc stable on this one since it has never been stable on ppc anyway. This is ready for a GLSA.
GLSA drafted: security please review
Heinrich please remove older vulnerable versions if they are not needed.
From FD http://lists.netsys.com/pipermail/full-disclosure/2004-July/023601.html
A vulnerability is found in the Opera browser version 7.52 , which
can be exploited by malicious people to conduct phishing attacks against a
The issue may be caused due to a race condition and will sometimes
make it possible to display spoofed information in the address bar
via a specially crafted HTML document.
Tested on WindowsXP SP1.
Just tested on:
Version 7.52 Final
And it is vulnerable.
I jsut noticed... portage 2.0.50 does not like the arch? ( static? ( ) ) in SRC_URI.. .51 is fine with it.
>>> Downloading http://distro.ibiblio.org/pub/Linux/distrib
Resolving distro.ibiblio.org... 18.104.22.168
Connecting to distro.ibiblio.org[22.214.171.124]:80... conne
HTTP request sent, awaiting response... 404 Not Found
14:00:19 ERROR 404: Not Found.
eradicator: get rid of cvs in FEATURES
Filed a bug upstream to be sure they are aware of this and try to get a release date : email@example.com
Answer from opera :
"We are aware of it and have a fix internally. It is going through QA and will be released farily soon."
GLSA will be delayed until Opera 7.53 (?) is out.
Just an FYI Opera 7.53 has been released to the FTPs, although it hasn't been mentioned on the website. Changing the version info in the 7.52 eBuild is all that is needed to get it to merge without problem.
Lanius : could you bump the ebuild in CVS ? Thanks in advance :)
bumped to 7.53 and marked stable