[PKG-Openstack-devel] Bug#828967: horizon / CVE-2016-4428 #828967
Thomas Goirand
zigo at debian.org
Tue Jul 5 20:02:11 UTC 2016
On 07/05/2016 07:37 PM, Moritz Mühlenhoff wrote:
> On Wed, Jun 29, 2016 at 03:50:47PM +0200, Thomas Goirand wrote:
>> On 06/29/2016 11:24 AM, Moritz Muehlenhoff wrote:
>>> Hi Thomas,
>>> https://bugs.launchpad.net/bugs/1567673 has been assigned CVE-2016-4428 and I think we should fix
>>> it in jessie-security. Can you please prepare an update? unstable also needs the patch.
>>>
>>> Cheers,
>>> Moritz
>>>
>>
>> Hi Moritz,
>>
>> I have uploaded fixes for both Sid and Experimental, and the fix for
>> Stable is committed to Git in here:
>>
>> http://anonscm.debian.org/cgit/openstack/horizon.git/commit/?h=debian/icehouse&id=d74e751ce93f03240f3ad4206e93d6e7e05da55f
>>
>> Since you may prefer a diff to read from your mail client, I have
>> attached it to this message.
>
> Why do you upload something different than the debdiff you sent?
>
> jessie has 2014.1.3-7, and what you uploaded includes an additional
> fix which was never on security.debian.org:
>
>> horizon (2014.1.3-7+deb8u1) jessie-security; urgency=high
>>
>> * Fix CVE-2015-3219 with upstream patch (Closes: 788306).
>>
>> -- Thomas Goirand <zigo at debian.org> Wed, 10 Jun 2015 16:18:34 +0200
>
> Cheers,
> Moritz
Attached the output of:
git diff -u -r debian/2014.1.3-7 \
>horizon_2014.1.3-7_to_2014.1.3-7+deb8u2.diff
Can you review that instead of previous diff?
Cheers,
Thomas Goirand (zigo)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: horizon_2014.1.3-7_to_2014.1.3-7+deb8u2.diff
Type: text/x-diff
Size: 19653 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/openstack-devel/attachments/20160705/a40e30a7/attachment.diff>
More information about the Openstack-devel
mailing list