[PKG-Openstack-devel] Bug#828967: horizon / CVE-2016-4428 #828967
Moritz Mühlenhoff
jmm at inutil.org
Tue Jul 5 17:37:17 UTC 2016
On Wed, Jun 29, 2016 at 03:50:47PM +0200, Thomas Goirand wrote:
> On 06/29/2016 11:24 AM, Moritz Muehlenhoff wrote:
> > Hi Thomas,
> > https://bugs.launchpad.net/bugs/1567673 has been assigned CVE-2016-4428 and I think we should fix
> > it in jessie-security. Can you please prepare an update? unstable also needs the patch.
> >
> > Cheers,
> > Moritz
> >
>
> Hi Moritz,
>
> I have uploaded fixes for both Sid and Experimental, and the fix for
> Stable is committed to Git in here:
>
> http://anonscm.debian.org/cgit/openstack/horizon.git/commit/?h=debian/icehouse&id=d74e751ce93f03240f3ad4206e93d6e7e05da55f
>
> Since you may prefer a diff to read from your mail client, I have
> attached it to this message.
Why do you upload something different than the debdiff you sent?
jessie has 2014.1.3-7, and what you uploaded includes an additional
fix which was never on security.debian.org:
> horizon (2014.1.3-7+deb8u1) jessie-security; urgency=high
>
> * Fix CVE-2015-3219 with upstream patch (Closes: 788306).
>
> -- Thomas Goirand <zigo at debian.org> Wed, 10 Jun 2015 16:18:34 +0200
Cheers,
Moritz
More information about the Openstack-devel
mailing list