[PKG-Openstack-devel] Bug#828967: horizon / CVE-2016-4428 #828967

Thomas Goirand zigo at debian.org
Tue Jul 5 19:58:58 UTC 2016


On 07/05/2016 07:37 PM, Moritz Mühlenhoff wrote:
> On Wed, Jun 29, 2016 at 03:50:47PM +0200, Thomas Goirand wrote:
>> On 06/29/2016 11:24 AM, Moritz Muehlenhoff wrote:
>>> Hi Thomas,
>>> https://bugs.launchpad.net/bugs/1567673 has been assigned CVE-2016-4428 and I think we should fix
>>> it in jessie-security. Can you please prepare an update? unstable also needs the patch.
>>>
>>> Cheers,
>>>         Moritz
>>>
>>
>> Hi Moritz,
>>
>> I have uploaded fixes for both Sid and Experimental, and the fix for
>> Stable is committed to Git in here:
>>
>> http://anonscm.debian.org/cgit/openstack/horizon.git/commit/?h=debian/icehouse&id=d74e751ce93f03240f3ad4206e93d6e7e05da55f
>>
>> Since you may prefer a diff to read from your mail client, I have
>> attached it to this message.
> 
> Why do you upload something different than the debdiff you sent?
> 
> jessie has 2014.1.3-7, and what you uploaded includes an additional
> fix which was never on security.debian.org:
> 
>> horizon (2014.1.3-7+deb8u1) jessie-security; urgency=high
>>
>>  * Fix CVE-2015-3219 with upstream patch (Closes: 788306).
>>
>> -- Thomas Goirand <zigo at debian.org>  Wed, 10 Jun 2015 16:18:34 +0200
> 
> Cheers,
>         Moritz

Moritz,

I would still like both fixes to be included in the update. I'm sorry if
the first one didn't make it yet through proposed-updates, it's probably
my fault if it didn't.

If you wish me to squash version 2014.1.3-7+deb8u1 and 2014.1.3-7+deb8u2
into a single version, please let me know, but I don't think it's very
useful to do so.

Cheers,

Thomas Goirand (zigo)



More information about the Openstack-devel mailing list