Bug#828967: marked as done (CVE-2016-4428: Possible client side template injection in horizon)

Thu, 07 Jul 2016 09:51:40 -0700 

Your message dated Thu, 07 Jul 2016 16:47:11 +0000
with message-id <[email protected]>
and subject line Bug#828967: fixed in horizon 2014.1.3-7+deb8u2
has caused the Debian Bug report #828967,
regarding CVE-2016-4428: Possible client side template injection in horizon
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
828967: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=828967
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message --- 
Source: horizon
Version: 3:9.0.1-1
Severity: important

See details here:
https://bugs.launchpad.net/horizon/+bug/1567673

--- End Message ---
--- Begin Message --- 
Source: horizon
Source-Version: 2014.1.3-7+deb8u2

We believe that the bug you reported is fixed in the latest version of
horizon, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Thomas Goirand <[email protected]> (supplier of updated horizon package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Wed, 29 Jun 2016 15:24:16 +0200
Source: horizon
Binary: python-django-horizon openstack-dashboard openstack-dashboard-apache
Architecture: source all
Version: 2014.1.3-7+deb8u2
Distribution: jessie-security
Urgency: medium
Maintainer: PKG OpenStack <[email protected]>
Changed-By: Thomas Goirand <[email protected]>
Description:
 openstack-dashboard - OpenStack Dashboard
 openstack-dashboard-apache - OpenStack Dashboard - Apache support
 python-django-horizon - Django module providing web interaction with OpenStack
Closes: 828967
Changes:
 horizon (2014.1.3-7+deb8u2) jessie-security; urgency=medium
 .
   * CVE-2016-4428: Possible client side template injection in horizon. Applied
     upstream patch: "Escape angularjs templating in unsafe HTML" after rebasing
     it for Icehouse (Closes: #828967).
Checksums-Sha1:
 bca8f544a492726b8f5ed412b3b4fd289a8827aa 3230 horizon_2014.1.3-7+deb8u2.dsc
 a3b66f292914a0db422ecf6f3ede62ca63f22422 1674520 horizon_2014.1.3.orig.tar.xz
 e9de826b0de2653e0175b8448ce7aba5baa86287 20736 
horizon_2014.1.3-7+deb8u2.debian.tar.xz
 ad540e5fae181b6b8047e367b51b108c0173e96f 1647012 
python-django-horizon_2014.1.3-7+deb8u2_all.deb
 e8517c9fcc6e40652347a1e6bbc18d6a4326d276 1098502 
openstack-dashboard_2014.1.3-7+deb8u2_all.deb
 a3f5d7178769d33acb4de76ce87704df50e7523a 11080 
openstack-dashboard-apache_2014.1.3-7+deb8u2_all.deb
Checksums-Sha256:
 abae47d857d8ac7fcc4e70019379c8edba9e9440200f68c06c384b84bb2b6f56 3230 
horizon_2014.1.3-7+deb8u2.dsc
 3d96888711bb8318970d35b970995e0dc44209523c4b00eed5a2da7e6e96216e 1674520 
horizon_2014.1.3.orig.tar.xz
 b145e04ace5c605cecc78377be27e2cf973826c6e4eb1f94f1656c44ab3f830f 20736 
horizon_2014.1.3-7+deb8u2.debian.tar.xz
 219535c49caf9dc09828fb0fc43382e4674a23d95417a64ef4ec36d24e35a45f 1647012 
python-django-horizon_2014.1.3-7+deb8u2_all.deb
 b1d8411376493d15260a575c145e41eb4acb47b0068355df82a0adb75227730b 1098502 
openstack-dashboard_2014.1.3-7+deb8u2_all.deb
 cd4daa8e7a7e4571d7b371e57f0a415cd282f18e744cc8f5523a23479da82c30 11080 
openstack-dashboard-apache_2014.1.3-7+deb8u2_all.deb
Files:
 3c7df2af4a5014f8c97904bfd6a23d8d 3230 net extra horizon_2014.1.3-7+deb8u2.dsc
 0b7f01a3e3e6a4c1ce6b9f69aad24732 1674520 net extra horizon_2014.1.3.orig.tar.xz
 32c4f3259ef6d1a0fed281ea25f7e7e5 20736 net extra 
horizon_2014.1.3-7+deb8u2.debian.tar.xz
 bd3321f691af1067f6f6087fb9bd5d72 1647012 python extra 
python-django-horizon_2014.1.3-7+deb8u2_all.deb
 af4b6f27fc1ffebfb1f1f1f524cb41ff 1098502 net extra 
openstack-dashboard_2014.1.3-7+deb8u2_all.deb
 b5957f558b2421bb90f7ba79493e1846 11080 net extra 
openstack-dashboard-apache_2014.1.3-7+deb8u2_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJXeAo/AAoJENQWrRWsa0P+XC8P/1jqg8C4lIYYgqPm7sbVeHjx
sr/QqxwSml9uROhjSv9e3nxCeQved9vEtNgV3iXdhBnwXwnUG/6AM4zNm0agQLn6
RMPYs3MNezP1Yuc2vvQn18Z8X4DVWzbsNHX/kb3L+KtLJayIroEj/ig+wfPaVfqG
5r+k3RwSunpYfa1llxVFWmrQFm3D+WlDSmRcfnms/GHBdQTBUXISQqcjmOZOXUuU
UfQxz3UCl6pt9ORolQiWjGSEwQHB+p+3DVKuMu0cO65d/brynDr8Kgh+60cZuoWh
FG6q5hNYCjHERruNYvwk8W1htIp2mOKkOowR2HGYA5mbn2BiKNgqUdjEquxH5JBT
qHPKdBsOPwIukLUpErLMTojapeckvy8fdXMo42f9ipHqTJuU0Hnw8x9ztoOxz1Wq
dCM9BnxZCh/TRluxOEl0xm9Oz/D0HI/ZtY1OWrwFBwp3jPsQuL3htlPR88og45yZ
cio/SZjLgDImFH+IdEhmXShy1+YtFnebQDeKX0yn1Axsv3EHj2ivvVLrcf4kdoS7
YkGtpR5KUNG2ei+R+JZrjBpIoERym0LXbSYAsF+qLI//gIRTUcigmbwbIM51M0sz
rWTggBvA3jDS3ZC/GM2dQ23Rm8znHPVcinMeISjB0TA6oxprPHFrMQ4PJwTdbVx8
YNasBdpGdfYnhubIoKCL
=OCfq
-----END PGP SIGNATURE-----

--- End Message ---

Reply via email to