Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Thu, 28 Feb 2008 20:54:52 -0500 (EST)
From: "Steven M. Christey" <coley@...us.mitre.org>
To: oss-security@...ts.openwall.com
Subject: Re: CVE ids for Opera 9.26 security update?


======================================================
Name: CVE-2008-1080
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1080
Reference: CONFIRM:http://www.opera.com/docs/changelogs/linux/926/
Reference: CONFIRM:http://www.opera.com/support/search/view/877/
Reference: FRSIRT:ADV-2008-0622
Reference: URL:http://www.frsirt.com/english/advisories/2008/0622
Reference: SECUNIA:29029
Reference: URL:http://secunia.com/advisories/29029

Opera before 9.26 allows user-assisted remote attackers to read
arbitrary files by tricking a user into typing the characters of the
target filename into a file input.


======================================================
Name: CVE-2008-1081
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1081
Reference: CONFIRM:http://www.opera.com/docs/changelogs/linux/926/
Reference: CONFIRM:http://www.opera.com/support/search/view/879/
Reference: FRSIRT:ADV-2008-0622
Reference: URL:http://www.frsirt.com/english/advisories/2008/0622
Reference: SECUNIA:29029
Reference: URL:http://secunia.com/advisories/29029

Opera before 9.26 allows user-assisted remote attackers to execute
arbitrary script via images that contain custom comments, which are
treated as script when the user displays the image properties.


======================================================
Name: CVE-2008-1082
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1082
Reference: CONFIRM:http://www.opera.com/docs/changelogs/linux/926/
Reference: CONFIRM:http://www.opera.com/support/search/view/880/
Reference: FRSIRT:ADV-2008-0622
Reference: URL:http://www.frsirt.com/english/advisories/2008/0622
Reference: SECUNIA:29029
Reference: URL:http://secunia.com/advisories/29029

Opera before 9.26 allows remote attackers to "bypass sanitization
filters" and conduct cross-site scripting (XSS) attacks via crafted
attribute values in an XML document, which are not properly handled
during DOM presentation.


Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.