Opera patched its browser in secret

[Juha-Matti Laurio <juha-matti.laurio () netti fi>]

What the Heise Security article reports:

"In both [JPG and SVG] cases, both the Windows and the Linux version of Opera 9.02 are affected, as older versions probably 
are, too. The change log for Opera 9.10 does not contain any indication of these vulnerabilities in the section on security. 
Instead, the release seems to have been sold as a cosmetic matter, which may have led a number of users to postpone the 
update."

The official changelog still has no any information (Security section):
http://www.opera.com/docs/changelogs/windows/910/

It appears that Opera Software only released
http://www.opera.com/support/search/supsearch.dml?index=851
and
http://www.opera.com/support/search/supsearch.dml?index=852
'Last edited: 2007-01-05'

It is the same day when iDefense Labs pushed their advisories out.
Secunia said Highly Critical (4/5) and FrSIRT Critical Risk (4/4).

Not a good sign from Opera to hide the vulnerabilities, when they knew that iDefense will publish the information 
however.

More at
http://www.heise-security.co.uk/news/83279

- Juha-Matti
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.