Bug 4280

Summary: Security update for opera to version 11.61
Product: Mageia
Reporter: Anssi Hannula <anssi.hannula>
Component: Security
Assignee: QA Team <qa-bugs>
Status: RESOLVED FIXED
QA Contact:
Severity: normal
Priority: Normal
CC: davidwhodgins, fundawang, sysadmin-bugs, tmb
Version: 1
Keywords: Security, validated_update
Target Milestone: ---
Hardware: All
OS: Linux
Whiteboard:
Source RPM: opera
CVE:
Status comment:

Description Anssi Hannula 2012-01-25 15:21:24 CET
opera-11.61-1.mga1 pushed to nonfree/updates_testing by funda.

Suggested advisory
===================
Opera 11.61 fixes several security issues and other bugs found in previous versions.

Fixed an issue where manipulation of framed content can allow cross-site scripting, as reported by Michal Zalewski.
http://www.opera.com/support/kb/view/1007/

Fixed an issue where script events could be used to reveal the presence of local files.
http://www.opera.com/support/kb/view/1008/

For a list of other fixes, see:
http://www.opera.com/docs/changelogs/unix/1161/
====================

Please test.
Comment 1 claire robinson 2012-01-25 17:44:15 CET
Thank you Anssi :)

Testing x86_64

Java, email, flash video all ok

I notice in terminal though when watching a video on youtube..

(<unknown>:22247): GStreamer-CRITICAL **: gst_debug_add_log_function: assertion `func != NULL' failed

(operapluginwrapper-native:22432): GLib-GObject-CRITICAL **: g_object_unref: assertion `G_IS_OBJECT (object)' failed

Is this anything to worry about?

Also when hovering the mouse over the video it shows a 'click to activate and use this control' message, which might just be a setting somewhere.
Comment 2 Anssi Hannula 2012-01-25 17:53:34 CET
I don't think so (unless you see visible regressions), the first one seems like some API issue between opera<->gstreamer, but the error seems to be on a probably harmless function. The second one looks like some Flash player bug.

The "click to activate and use this control" probably means that you can click the applet to put it in focus, i.e. keyboard events get pushed to the flash applet instead of the browser.
Comment 3 claire robinson 2012-01-25 18:15:39 CET
No, everything I tried seemed to work as intended.

Testing complete x86_64 in that case
Manuel Hiebel 2012-01-25 23:25:53 CET

Component: RPM Packages => Security
Source RPM: (none) => opera

Comment 4 Dave Hodgins 2012-01-26 01:47:38 CET
Testing complete on i586. Validating the update.

Could someone from the sysadmin team push the srpm
opera-11.61-1.mga1.nonfree.src.rpm
from Nonfree Updates Testing to Nonfree Updates.

Advisory: Opera 11.61 fixes several security issues and other
bugs found in previous versions.

Fixed an issue where manipulation of framed content can allow
cross-site scripting, as reported by Michal Zalewski.
http://www.opera.com/support/kb/view/1007/

Fixed an issue where script events could be used to reveal the
presence of local files.
http://www.opera.com/support/kb/view/1008/

For a list of other fixes, see:
http://www.opera.com/docs/changelogs/unix/1161/

https://bugs.mageia.org/show_bug.cgi?id=4280

Keywords: (none) => validated_update
CC: (none) => davidwhodgins, sysadmin-bugs

Comment 5 Thomas Backlund 2012-01-27 23:14:14 CET
update pushed

Status: NEW => RESOLVED
CC: (none) => tmb
Resolution: (none) => FIXED