Bug 8993

Summary: Bugfix update for opera in nonfree updates testing without a bug report.
Product: Mageia Reporter: Dave Hodgins <davidwhodgins>
Component: SecurityAssignee: QA Team <qa-bugs>
Status: RESOLVED DUPLICATE QA Contact:
Severity: normal    
Priority: Normal CC: anssi.hannula, sysadmin-bugs
Version: 2Keywords: Security, validated_update
Target Milestone: ---   
Hardware: All   
OS: Linux   
Whiteboard: MGA2-64-OK MGA2-32-OK
Source RPM: opera-12.14-1.mga2.nonfree.src.rpm CVE:
Status comment:

Description Dave Hodgins 2013-02-07 23:33:52 CET 
Opera 12.14 is in Nonfree Updates Testing, but no bug report has
been assigned to qa.

Creating this bug report, so the update can be validated.
Comment 1 Dave Hodgins 2013-02-07 23:39:32 CET 
Testing complete on Mageia 2 i586 and x86_64.

Could someone from the sysadmin team push the srpm
opera-12.14-1.mga2.nonfree.src.rpm
from Mageia 2 Nonfree Updates Testing to Nonfree Updates.

Advisory: Opera 12.14 update addresses a re-occuring crash, when updating
two or more extensions at one time.

https://bugs.mageia.org/show_bug.cgi?id=8993

Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs
Whiteboard: (none) => MGA2-64-OK MGA2-32-OK

Comment 2 Anssi Hannula 2013-02-07 23:48:54 CET 
Better advisory:

Suggested advisory
===================
Opera 12.14 contains fixes to several security and stability issues found in 12.12 and earlier versions and contains other general fixes.

Fixed an issue where DOM events manipulation might be used to execute arbitrary code, as reported by Arthur Gerkis. (kb 1042, high severity)

Fixed an issue where use of SVG clipPaths could allow execution of arbitrary code, as reported by anonymous via the iSIGHT Partners GVP Program. (kb 1043, high severity)

Fixed an issue where TLS response timings could indicate network contents, as reported by Nadhem AlFardan and Kenny Paterson. (kb 1044, low severity)

Fixed an issue where CORS requests could omit the preflight request, as reported by webpentest. (kb 1045, low severity)

For a complete list of changes including the non-security fixes, see the
referenced changelog pages.

http://www.opera.com/support/kb/view/1042/
http://www.opera.com/support/kb/view/1043/
http://www.opera.com/support/kb/view/1044/
http://www.opera.com/support/kb/view/1045/
http://www.opera.com/docs/changelogs/unified/1213/
http://www.opera.com/docs/changelogs/unified/1214/
====================

Keywords: (none) => Security
CC: (none) => anssi.hannula
Component: RPM Packages => Security

Comment 3 claire robinson 2013-02-08 10:14:37 CET 

*** This bug has been marked as a duplicate of bug 8996 ***

Status: NEW => RESOLVED
Resolution: (none) => DUPLICATE