FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

Revision:  321338
Date:      2013-06-19
Time:      21:56:56Z
Committer: jgh

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
85f33a8d-492f-11e2-aa75-003067c2616f	opera -- execution of arbitrary code Opera reports: When loading GIF images into memory, Opera should allocate the correct amount of memory to store that image. Specially crafted image files can cause Opera to allocate the wrong amount of memory. Subsequent data may then overwrite unrelated memory with attacker-controlled data. This can lead to a crash, which may also execute that data as code. Discovery 2012-12-18 Entry 2012-12-18 opera opera-devel linux-opera linux-opera-devel lt 12.12 http://www.opera.com/support/kb/view/1038/ http://www.opera.com/support/kb/view/1039/
0925716f-34e2-11e2-aa75-003067c2616f	opera -- execution of arbitrary code Opera reports: When requesting pages using HTTP, Opera temporarily stores the response in a buffer. In some cases, Opera may incorrectly allocate too little space for a buffer, and may then store too much of the response in that buffer. This causes a buffer overflow, which in turn can lead to a memory corruption and crash. It is possible to use this crash to execute the overflowing data as code, which may be controlled by an attacking site. Discovery 2012-11-19 Entry 2012-11-22 opera opera-devel linux-opera linux-opera-devel lt 12.11 http://www.opera.com/support/kb/view/1036/
38daea4f-2851-11e2-9483-14dae938ec40	opera -- multiple vulnerabilities Opera reports: CORS (Cross-Origin Resource Sharing) allows web pages to retrieve the contents of pages from other sites, with their permission, as they would appear for the current user. When requests are made in this way, the browser should only allow the page content to be retrieved if the target site sends the correct headers that give permission for their contents to be used in this way. Specially crafted requests may trick Opera into thinking that the target site has given permission when it had not done so. This can result in the contents of any target page being revealed to untrusted sites, including any sensitive information or session IDs contained within the source of those pages. Also reported are vulnerabilities involving SVG graphics and XSS. Discovery 2012-11-06 Entry 2012-11-06 opera opera-devel linux-opera linux-opera-devel lt 12.10 http://www.opera.com/support/kb/view/1030/ http://www.opera.com/support/kb/view/1031/ http://www.opera.com/support/kb/view/1033/

VuXML ID

Description

85f33a8d-492f-11e2-aa75-003067c2616f

opera -- execution of arbitrary code

Opera reports:

When loading GIF images into memory, Opera should allocate the correct amount of memory to store that image. Specially crafted image files can cause Opera to allocate the wrong amount of memory. Subsequent data may then overwrite unrelated memory with attacker-controlled data. This can lead to a crash, which may also execute that data as code.

Discovery 2012-12-18
Entry 2012-12-18
opera
opera-devel
linux-opera
linux-opera-devel

lt 12.12

http://www.opera.com/support/kb/view/1038/
http://www.opera.com/support/kb/view/1039/

0925716f-34e2-11e2-aa75-003067c2616f

opera -- execution of arbitrary code

Opera reports:

When requesting pages using HTTP, Opera temporarily stores the response in a buffer. In some cases, Opera may incorrectly allocate too little space for a buffer, and may then store too much of the response in that buffer. This causes a buffer overflow, which in turn can lead to a memory corruption and crash. It is possible to use this crash to execute the overflowing data as code, which may be controlled by an attacking site.

Discovery 2012-11-19
Entry 2012-11-22
opera
opera-devel
linux-opera
linux-opera-devel

lt 12.11

http://www.opera.com/support/kb/view/1036/

38daea4f-2851-11e2-9483-14dae938ec40

opera -- multiple vulnerabilities

Opera reports:

CORS (Cross-Origin Resource Sharing) allows web pages to retrieve the contents of pages from other sites, with their permission, as they would appear for the current user. When requests are made in this way, the browser should only allow the page content to be retrieved if the target site sends the correct headers that give permission for their contents to be used in this way. Specially crafted requests may trick Opera into thinking that the target site has given permission when it had not done so. This can result in the contents of any target page being revealed to untrusted sites, including any sensitive information or session IDs contained within the source of those pages.

Also reported are vulnerabilities involving SVG graphics and XSS.

Discovery 2012-11-06
Entry 2012-11-06
opera
opera-devel
linux-opera
linux-opera-devel

lt 12.10

http://www.opera.com/support/kb/view/1030/
http://www.opera.com/support/kb/view/1031/
http://www.opera.com/support/kb/view/1033/