Date: Tue, 6 Nov 2012 20:45:14 +0000 (UTC) From: Chris Rees <crees@FreeBSD.org> To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r307094 - head/security/vuxml Message-ID: <201211062045.qA6KjEjL046384@svn.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: crees Date: Tue Nov 6 20:45:14 2012 New Revision: 307094 URL: http://svnweb.freebsd.org/changeset/ports/307094 Log: Document opera vulnerabilities Feature safe: yes Modified: head/security/vuxml/vuln.xml Modified: head/security/vuxml/vuln.xml ============================================================================== --- head/security/vuxml/vuln.xml Tue Nov 6 20:43:55 2012 (r307093) +++ head/security/vuxml/vuln.xml Tue Nov 6 20:45:14 2012 (r307094) @@ -51,6 +51,48 @@ Note: Please add new entries to the beg --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">; + <vuln vid="38daea4f-2851-11e2-9483-14dae938ec40"> + <topic>opera -- multiple vulnerabilities</topic> + <affects> + <package> + <name>opera</name> + <name>opera-devel</name> + <name>linux-opera</name> + <name>linux-opera-devel</name> + <range><lt>12.10</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml">; + <p>Opera reports:</p> + <blockquote cite="http://www.opera.com/support/kb/view/1030/">; + <p>CORS (Cross-Origin Resource Sharing) allows web pages to retrieve + the contents of pages from other sites, with their permission, + as they would appear for the current user. + When requests are made in this way, the browser should only allow + the page content to be retrieved if the target site sends the + correct headers that give permission for their contents to be + used in this way. Specially crafted requests may trick Opera + into thinking that the target site has given permission when it + had not done so. This can result in the contents of any target page + being revealed to untrusted sites, including any + sensitive information or session IDs contained within the + source of those pages.</p> + </blockquote> + <p>Also reported are vulnerabilities involving SVG graphics and XSS.</p> + </body> + </description> + <references> + <url>http://www.opera.com/support/kb/view/1030/</url>; + <url>http://www.opera.com/support/kb/view/1031/</url>; + <url>http://www.opera.com/support/kb/view/1033/</url>; + </references> + <dates> + <discovery>2012-11-06</discovery> + <entry>2012-11-06</entry> + </dates> + </vuln> + <vuln vid="36533a59-2770-11e2-bb44-003067b2972c"> <topic>linux-flashplugin -- multiple vulnerabilities</topic> <affects>
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201211062045.qA6KjEjL046384>