A few comments to <URL:http://www.securiteam.com/securitynews/5MP0B004UW.html>. The crash is _not_ an unchecked buffer error in Opera 5.12. It is a mismatched new/delete[] pair in Opera 5.0 for Linux (and not 5.12 for windows). Also, there is no need for long reply lines. The following reply from the server will also crash Opera: HTTP/1.0 200 OK\r\n Connection: X\r\n X As far as I can tell, the received reply is not written into any short buffer, and it is not possible to format the reply in any way to get code executed. There is no security problem, just a plain old crash bug. :-) Please update the "vulnerability" page as soon as possible. Copy to the reporter and bugtraq for information. -- ##> Petter Reinholdtsen <## | [EMAIL PROTECTED]
