[PKG-Openstack-devel] Bug#786741: Bug#786741: horizon: CVE-2015-3988: Persistent XSS in Horizon metadata dashboard

Martin Zobel-Helas zobel at debian.org
Mon May 25 09:47:17 UTC 2015


Hi, 

On Mon May 25, 2015 at 07:36:15 +0200, Salvatore Bonaccorso wrote:
> Source: horizon
> Version: 2015.1.0-1
> Severity: important
> Tags: security upstream
> 
> Hi,
> 
> the following vulnerability was published for horizon.
> 
> CVE-2015-3988[0]:
> | Multiple cross-site scripting (XSS) vulnerabilities in OpenStack
> | Dashboard (Horizon) 2015.1.0 allow remote authenticated users to
> | inject arbitrary web script or HTML via the metadata to a (1) Glance
> | image, (2) Nova flavor or (3) Host Aggregate.

The patch seems to be
https://git.openstack.org/cgit/openstack/horizon/commit/?id=6c944b5013acb0dce7cf3d8717e58f7f2427be07

Cheers,
Martin

-- 
 Martin Zobel-Helas <zobel at debian.org>    Debian System Administrator
 Debian & GNU/Linux Developer                       Debian Listmaster
 http://about.me/zobel                               Debian Webmaster
 GPG Fingerprint:  6B18 5642 8E41 EC89 3D5D  BDBB 53B1 AC6D B11B 627B 


