Bug 10693

Summary: Security update request for opera, to 12.16
Product: Mageia Reporter: Anssi Hannula <anssi.hannula>
Component: SecurityAssignee: QA Team <qa-bugs>
Status: RESOLVED FIXED QA Contact: Sec team <security>
Severity: normal    
Priority: Normal CC: davidwhodgins, sysadmin-bugs
Version: 3Keywords: Security, validated_update
Target Milestone: ---   
Hardware: All   
OS: Linux   
Whiteboard: MGA2TOO MGA3-64-OK MGA3-32-OK MGA2-64-OK MGA2-32-OK
Source RPM: opera CVE:
Status comment:

Description Anssi Hannula 2013-07-04 19:53:09 CEST 
Opera 12.16 has been pushed to mga2+mga3 nonfree/updates_testing.

This addresses at least this upstream advisory:
http://www.opera.com/security/advisory/1048

I'll add a comment with the suggested update advisory as soon as the full changelog becomes available.

Packages:
opera-12.16-1.mga2.nonfree
opera-12.16-1.mga3.nonfree
Dave Hodgins 2013-07-04 21:59:19 CEST

CC: (none) => davidwhodgins
Whiteboard: (none) => MGA2TOO

Comment 1 Dave Hodgins 2013-07-05 00:51:06 CEST 
http://svnweb.mageia.org/advisories/10693.adv?sortby=date&view=log uploaded.

Testing complete on Mageia 2 and 3, i586 and x86_64.

Anssi, Should I go ahead and validate this update, or wait till the advisory
can be updated?

Whiteboard: MGA2TOO => MGA2TOO MGA3-64-OK MGA3-32-OK MGA2-64-OK MGA2-32-OK

Comment 2 Anssi Hannula 2013-07-05 07:51:19 CEST 
Let's wait a bit more (max 10 hours).
Comment 3 Anssi Hannula 2013-07-05 17:22:10 CEST 
Suggested advisory:
=======================
description: |
  Opera 12.16 contains a replaced code signing certificate.
  
  Opera Software recently experienced an attack on the internal infrastructure.
  Following best practices, Opera Software is replacing signing certificates in
  Opera with newly issued certificates. Certificates in Opera include the code
  signing certificate for desktop binaries and the signing certificate for
  automatic updates to browser.js. Opera's rootstore was not affected by the
  attack and certificates used for accessing HTTPS websites are unchanged by
  this update.
references:
 - https://bugs.mageia.org/show_bug.cgi?id=10693
 - http://www.opera.com/docs/changelogs/unified/1216/
 - http://www.opera.com/security/advisory/1048
=======================

OK to validate.
Comment 4 claire robinson 2013-07-05 17:42:05 CEST 
Thanks Anssi.

Validating. Advisory updated.

Could sysadmin please push from 2 & 3 nonfree/updates_testing to nonfree/updates

Thanks!

Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs

Comment 5 Nicolas Vigier 2013-07-06 16:31:19 CEST 
http://advisories.mageia.org/MGASA-2013-0202.html

Status: ASSIGNED => RESOLVED
CC: (none) => boklm
Resolution: (none) => FIXED

Nicolas Vigier 2014-05-08 18:07:05 CEST

CC: boklm => (none)