Bug 8007 - Security update request for opera, to 12.10
: Security update request for opera, to 12.10
Status: RESOLVED FIXED
Product: Mageia
Classification: Unclassified
Component: Security
: 2
: All Linux
: Normal Severity: normal
: ---
Assigned To: QA Team
:
:
: MGA2-64-OK MGA2-32-OK MGA1-64-OK MGA1...
: Security, validated_update
:
:
  Show dependency treegraph
 
Reported: 2012-11-07 01:09 CET by Anssi Hannula
Modified: 2012-11-07 11:27 CET (History)
3 users (show)

See Also:
Source RPM: opera
CVE:
Status comment:


Attachments

Description Anssi Hannula 2012-11-07 01:09:00 CET
Opera 12.10 has been pushed to mga1+mga2 nonfree/updates_testing.

Suggested advisory
===================
Opera 12.10 fixes several security and stability issues found in previous
versions and contains new and improved features.

Fixed an issue that could cause Opera not to correctly check for certificate revocation.
http://www.opera.com/support/kb/view/1029/

Fixed an issue where CORS requests could incorrectly retrieve contents of cross origin pages.
http://www.opera.com/support/kb/view/1030/

Fixed an issue where data URIs could be used to facilitate Cross-Site Scripting.
http://www.opera.com/support/kb/view/1031/

Fixed a high severity issue, as reported by Gareth Heyes; details will be disclosed at a later date.

Fixed an issue where specially crafted SVG images could allow execution of arbitrary code, as reported by Attila Suszter.
http://www.opera.com/support/kb/view/1033/

Fixed a moderate severity issue, as reported by the Google Security Group; details will be disclosed at a later date.

Additionally, the opera package now suggests gstreamer0.10-plugins-good so that HTML5 audio in WAV format will work in the case the package was not already installed.

For a complete list of changes including the non-security fixes, see
http://www.opera.com/docs/changelogs/unified/1210/
====================

Packages:
opera-12.10-1.mga1.nonfree
opera-12.10-1.1.mga2.nonfree
Comment 1 Dave Hodgins 2012-11-07 03:32:17 CET
Testing complete with flash, java, nntp, email, and general browsing.

Could someone from the sysadmin team push the srpm
opera-12.10-1.1.mga2.nonfree
from Mageia 2 Core Updates Testing to Core Updates and the srpm
opera-12.10-1.mga1.nonfree
from Mageia 1 Core Updates Testing to Core Updates.

Advisory: Opera 12.10 fixes several security and stability issues found in previous
versions and contains new and improved features.

Fixed an issue that could cause Opera not to correctly check for certificate
revocation.
http://www.opera.com/support/kb/view/1029/

Fixed an issue where CORS requests could incorrectly retrieve contents of cross
origin pages.
http://www.opera.com/support/kb/view/1030/

Fixed an issue where data URIs could be used to facilitate Cross-Site
Scripting.
http://www.opera.com/support/kb/view/1031/

Fixed a high severity issue, as reported by Gareth Heyes; details will be
disclosed at a later date.

Fixed an issue where specially crafted SVG images could allow execution of
arbitrary code, as reported by Attila Suszter.
http://www.opera.com/support/kb/view/1033/

Fixed a moderate severity issue, as reported by the Google Security Group;
details will be disclosed at a later date.

Additionally, the opera package now suggests gstreamer0.10-plugins-good so that
HTML5 audio in WAV format will work in the case the package was not already
installed.

For a complete list of changes including the non-security fixes, see
http://www.opera.com/docs/changelogs/unified/1210/

https://bugs.mageia.org/show_bug.cgi?id=8007
Comment 2 Dave Hodgins 2012-11-07 03:44:10 CET
Sorry, those should have been Nonfree rather then Core.
Comment 3 Thomas Backlund 2012-11-07 11:27:51 CET
Update pushed:
https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0326

Note You need to log in before you can comment on or make changes to this bug.