Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 56311 - net-www/opera-7.53 fixes several security issues
Summary: net-www/opera-7.53 fixes several security issues
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: High normal (vote)
Assignee: Gentoo Security
Whiteboard: A3 [glsa] jaervosz
Depends on:
Reported: 2004-07-07 02:41 UTC by Boris
Modified: 2011-10-30 22:40 UTC (History)
3 users (show)

See Also:
Package list:
Runtime testing required: ---

opera-7.52.ebuild.patch (opera-7.52.ebuild.patch,583 bytes, patch)
2004-07-07 02:47 UTC, Boris
no flags Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Boris 2004-07-07 02:41:44 UTC
New Version released.
Three new security fixes in addition to Bug #52867 (last version). Perhaps a GLSA is needed this time.

Reproducible: Always
Steps to Reproduce:
Comment 1 Boris 2004-07-07 02:47:33 UTC
Created attachment 34897 [details, diff]

Just changed the OPERAVER and OPERAFTPDIR. This workes on my box.

I added a warning message, because the new version will overwrite existing
search.ini's (see changelog).
Comment 2 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2004-07-07 04:12:06 UTC
Heinrich could you have a look and bump accordingly?
Comment 3 Heinrich Wendel (RETIRED) gentoo-dev 2004-07-07 09:05:00 UTC
add 7.52 to portage and marked stable on x86
Comment 4 Jeremy Huddleston (RETIRED) gentoo-dev 2004-07-07 10:11:10 UTC
stable sparc and amd64.

ppc might need to remove the shared version like sparc did as it uses gcc-2.95
Comment 5 Thierry Carrez (RETIRED) gentoo-dev 2004-07-07 13:49:19 UTC
Note that we don't really need ppc stable on this one since it has never been stable on ppc anyway. This is ready for a GLSA.
Comment 6 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2004-07-07 13:53:41 UTC
GLSA drafted: security please review

Heinrich please remove older vulnerable versions if they are not needed.
Comment 7 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2004-07-08 13:21:36 UTC
From FD

A vulnerability is found in the Opera browser version 7.52 , which 
can be exploited by malicious people to conduct phishing attacks against a 

The issue may be caused due to a race condition and will sometimes
make it possible to display spoofed information in the address bar
via a specially crafted HTML document.

Tested on WindowsXP SP1.


Just tested on:

Version	7.52 Final 	
Build	727 	
Platform	Linux

And it is vulnerable.
Comment 8 Jeremy Huddleston (RETIRED) gentoo-dev 2004-07-08 14:04:38 UTC
I jsut noticed... portage 2.0.50 does not like the arch? ( static? ( ) ) in SRC_URI.. .51 is fine with it.

>>> Downloading
           => `/mnt/raid0/gentoo/distfiles/!static'
Connecting to[]:80... conne
HTTP request sent, awaiting response... 404 Not Found
14:00:19 ERROR 404: Not Found.
Comment 9 SpanKY gentoo-dev 2004-07-08 20:53:10 UTC
eradicator: get rid of cvs in FEATURES
Comment 10 Thierry Carrez (RETIRED) gentoo-dev 2004-07-12 07:00:52 UTC
Filed a bug upstream to be sure they are aware of this and try to get a release date :
Comment 11 Thierry Carrez (RETIRED) gentoo-dev 2004-07-13 04:53:30 UTC
Answer from opera :
"We are aware of it and have a fix internally. It is going through QA and will be released farily soon."
GLSA will be delayed until Opera 7.53 (?) is out.
Comment 12 Matthew 2004-07-19 20:15:13 UTC
Just an FYI Opera 7.53 has been released to the FTPs, although it hasn't been mentioned on the website. Changing the version info in the 7.52 eBuild is all that is needed to get it to merge without problem.
Comment 13 Thierry Carrez (RETIRED) gentoo-dev 2004-07-20 00:30:44 UTC
Lanius : could you bump the ebuild in CVS ? Thanks in advance :)
Comment 14 Heinrich Wendel (RETIRED) gentoo-dev 2004-07-20 10:24:21 UTC
bumped to 7.53 and marked stable
Comment 15 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2004-07-20 12:50:31 UTC
GLSA 200407-15