[PKG-Openstack-devel] Bug#786741: Bug#786741: Bug#786741: horizon: CVE-2015-3988: Persistent XSS in Horizon metadata dashboard
Martin Zobel-Helas
zobel at debian.org
Mon May 25 10:22:59 UTC 2015
Hi,
On Mon May 25, 2015 at 11:47:17 +0200, Martin Zobel-Helas wrote:
> Hi,
>
> On Mon May 25, 2015 at 07:36:15 +0200, Salvatore Bonaccorso wrote:
> > Source: horizon
> > Version: 2015.1.0-1
> > Severity: important
> > Tags: security upstream
> >
> > Hi,
> >
> > the following vulnerability was published for horizon.
> >
> > CVE-2015-3988[0]:
> > | Multiple cross-site scripting (XSS) vulnerabilities in OpenStack
> > | Dashboard (Horizon) 2015.1.0 allow remote authenticated users to
> > | inject arbitrary web script or HTML via the metadata to a (1) Glance
> > | image, (2) Nova flavor or (3) Host Aggregate.
>
> The patch seems to be
> https://git.openstack.org/cgit/openstack/horizon/commit/?id=6c944b5013acb0dce7cf3d8717e58f7f2427be07
The above link was for Juno, which is not in Debian. The correct link is
https://review.openstack.org/#/c/183656/
Cheers,
Martin
--
Martin Zobel-Helas <zobel at debian.org> Debian System Administrator
Debian & GNU/Linux Developer Debian Listmaster
http://about.me/zobel Debian Webmaster
GPG Fingerprint: 6B18 5642 8E41 EC89 3D5D BDBB 53B1 AC6D B11B 627B