[PKG-Openstack-devel] Bug#788306: Bug#788306: Bug#788306: horizon: CVE-2015-3219: XSS in Horizon Heat stack creation

Thomas Goirand zigo at debian.org
Wed Jun 10 14:26:51 UTC 2015


On 06/10/2015 09:10 AM, László Böszörményi (GCS) wrote:
> Control: found -1 2014.1.3-1
> 
> Hi Salvatore,
> 
> On Wed, Jun 10, 2015 at 7:37 AM, Salvatore Bonaccorso <carnil at debian.org> wrote:
>> Source: horizon
>> Version: 2015.1.0-1
>> Severity: important
>> Tags: security upstream fixed-upstream
> [...]
>> CVE-2015-3219[0]:
>> XSS in Horizon Heat stack creation
> [...]
>> Please adjust the affected versions in the BTS as needed.
>  Just checked. The Wheezy version doesn't contain the vulnerable code
> segment, but the Jessie version does. Mark the bug accordingly.
> In case you may accept, I attach a debdiff for Jessie.
> 
> Regards,
> Laszlo/GCS

Thanks Laszlo for the patch. I have applied it to the debian/icehouse
branch in our Git, and just added the closing of this bug in the
changelog. The resulting package is here:

Full folder:
http://sid.gplhost.com/horizon/

.dsc file:
http://sid.gplhost.com/horizon/horizon_2014.1.3-7+deb8u1.dsc

.debdiff file:
http://sid.gplhost.com/horizon/horizon_2014.1.3-7+deb8u1.debdiff

Right now, I'm applying the fix to Sid and Jessie-backports.

Dear security team, can I upload the above?

Cheers,

Thomas Goirand (zigo)


