* Fixed a heap buffer overflow in string to number conversion; see our advisory[1].
* Fixed an issue where error messages could leak onto unrelated sites; see our advisory[2].
* Fixed a moderately severe issue, as reported by Chris Evans of the Google Security Team; details will be disclosed at a later date.
[1] http://www.opera.com/support/search/view/942/
[2] http://www.opera.com/support/search/view/941/
Arch devs, please mark stable:
=www-client/opera-10.10
Target arches: amd64 ppc x86
x86 stable
amd64 stable
CVE-2009-4071 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-4071): Opera before 10.10, when exception stacktraces are enabled, places scripting error messages from a web site into variables that can be read by a different web site, which allows remote attackers to obtain sensitive information or conduct cross-site scripting (XSS) attacks via unspecified vectors.
CVE-2009-4072 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-4072): Unspecified vulnerability in Opera before 10.10 has unknown impact and attack vectors, related to a "moderately severe issue."
Stable for PPC. <www-client/opera-10.10 removed.
Added bug to pending CVE.
This issue was resolved and addressed in GLSA 201206-03 at http://security.gentoo.org/glsa/glsa-201206-03.xml by GLSA coordinator Sean Amoss (ackle).