Your message dated Sat, 13 Jun 2026 14:36:41 +0000
with message-id <[email protected]>
and subject line Bug#1138845: fixed in horizon 3:25.7.3-2
has caused the Debian Bug report #1138845,
regarding OSSN-0097 Horizon RC file generation does not escape special
characters in project
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1138845: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1138845
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: horizon
Version: 3:25.3.0-3
Severity: important
Tags: patch security
X-Debbugs-Cc: Debian Security Team <[email protected]>
Copying the security announce:
OSSN-0097: Horizon RC file generation does not escape special characters in
project names

== Summary ==
Horizon generates shell scripts for OpenStack RC file downloads
with user-provided values in double-quoted strings without escaping
shell metacharacters. A domain manager can set a project name
containing $() or backtick sequences that execute arbitrary
commands when a user sources the RC file.

== Affected Services / Software ==
- horizon: >=8.0.0 <25.3.3, >=25.4.0 <25.5.3, >=25.6.0 <25.7.4

== Discussion ==
A domain manager who can rename a project can inject commands
that run in the shell of any user who downloads and sources the
RC file for that project.

== Recommended Actions ==
Upgrade to a version of horizon containing the fix. As a
workaround, inspect downloaded RC files before sourcing them, or
use clouds.yaml for CLI authentication instead.

=== Patches ===
The following reviews contain the fix for this issue:
2026.2/hibiscus (master):
https://review.opendev.org/c/openstack/horizon/+/990661
2026.1/gazpacho: https://review.opendev.org/c/openstack/horizon/+/991038
2025.2/flamingo: https://review.opendev.org/c/openstack/horizon/+/991039
2025.1/epoxy: https://review.opendev.org/c/openstack/horizon/+/991040

== Credits ==
Tim Shephard, roiai.ca

== Contacts / References ==
* Authors: Goutham Pacha Ravi, Red Hat
* This OSSN: https://wiki.openstack.org/wiki/OSSN/OSSN-0097
* Original Launchpad bug: https://launchpad.net/bugs/2152240
* Mailing List : [security-sig] tag on [email protected]
* OpenStack Security : https://security.openstack.org/
* CVE: none
--- End Message ---
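Added example (editor's code, not Horizon's and not from the bug report): the advisory above says the generated RC file drops user-controlled values into double-quoted export lines, so $( ) and backticks in a project name run when the file is sourced. The block below renders that vulnerable line, renders the same line through an escaping filter, and implements the advisory's workaround of inspecting an RC file before sourcing it. Everything here is assumed: the sample project names, auth URL and user are constructed; `shell_escape_dq` is an assumed reimplementation of an escaping template filter (the Debian changelog only says the upstream patch escapes `$` in `shellfilter`, and this escaper is not that code); `render_rc_*`, `scan_rc` and `source_and_read` are names chosen for this example. `source_and_read` runs a real `sh` to show the difference in effect.

```python
"""Added example for OSSN-0097 (not Horizon's code): an unescaped project
name inside a double-quoted RC line is command execution, an escaping
filter stops it, and a scanner implements the "inspect before sourcing"
workaround."""
import os
import re
import shlex
import shutil
import subprocess
import tempfile

# Constructed sample values, not taken from the advisory or a real cloud.
AUTH_URL = "https://keystone.example.org:5000/v3"
BENIGN_PROJECT = "alpha-team"
# The kind of payload a domain manager could set as a project name: inside
# a sourced double-quoted string, $( ) and backticks run as commands.
MALICIOUS_PROJECT = "demo$(echo INJECTED)"
MALICIOUS_BACKTICK = "demo`echo INJECTED`"


def render_rc_vulnerable(project_name, user="alice", auth_url=AUTH_URL):
    """The pattern OSSN-0097 describes: values dropped into "..." unescaped."""
    return (
        f'export OS_AUTH_URL="{auth_url}"\n'
        f'export OS_PROJECT_NAME="{project_name}"\n'
        f'export OS_USERNAME="{user}"\n'
    )


def shell_escape_dq(value):
    """Escape the characters sh treats specially inside double quotes:
    backslash, double quote, dollar and backtick. Assumed reimplementation of
    an escaping template filter, not Horizon's shellfilter verbatim."""
    return re.sub(r'([\\"$`])', r"\\\1", value)


def render_rc_fixed(project_name, user="alice", auth_url=AUTH_URL):
    """Same template with the escaper applied to every interpolated value."""
    return (
        f'export OS_AUTH_URL="{shell_escape_dq(auth_url)}"\n'
        f'export OS_PROJECT_NAME="{shell_escape_dq(project_name)}"\n'
        f'export OS_USERNAME="{shell_escape_dq(user)}"\n'
    )


def render_rc_single_quoted(project_name, user="alice", auth_url=AUTH_URL):
    """Alternative: shlex.quote picks single quotes, in which nothing expands."""
    return (
        f"export OS_AUTH_URL={shlex.quote(auth_url)}\n"
        f"export OS_PROJECT_NAME={shlex.quote(project_name)}\n"
        f"export OS_USERNAME={shlex.quote(user)}\n"
    )


_EXPORT_DQ = re.compile(r'^\s*export\s+(\w+)="(.*)"\s*$')


def unescaped_metachars(value):
    """Positions of $ and ` in a double-quoted body not preceded by a backslash."""
    hits, escaped = [], False
    for i, ch in enumerate(value):
        if escaped:
            escaped = False
        elif ch == "\\":
            escaped = True
        elif ch in "$`":
            hits.append(i)
    return hits


def scan_rc(rc_text):
    """The advisory's workaround as code: (line_no, var, value) for every
    double-quoted export whose value would expand when sourced."""
    findings = []
    for line_no, line in enumerate(rc_text.splitlines(), 1):
        m = _EXPORT_DQ.match(line)
        if m and unescaped_metachars(m.group(2)):
            findings.append((line_no, m.group(1), m.group(2)))
    return findings


def sh_available():
    return shutil.which("sh") is not None


def source_and_read(rc_text, var="OS_PROJECT_NAME"):
    """Source the RC text in a real sh and return what the variable ends up as."""
    with tempfile.NamedTemporaryFile("w", suffix=".sh", delete=False) as fh:
        fh.write(rc_text)
        path = fh.name
    try:
        cmd = f". {shlex.quote(path)} && printf %s \"${var}\""
        return subprocess.run(["sh", "-c", cmd], capture_output=True,
                              text=True, check=True).stdout
    finally:
        os.unlink(path)


if __name__ == "__main__":
    vuln = render_rc_vulnerable(MALICIOUS_PROJECT)
    print("scan of vulnerable RC:", scan_rc(vuln))
    print("scan of fixed RC:", scan_rc(render_rc_fixed(MALICIOUS_PROJECT)))
    if sh_available():
        print("vulnerable sourced ->", source_and_read(vuln))
        print("fixed sourced      ->", source_and_read(render_rc_fixed(MALICIOUS_PROJECT)))
```

Sourcing the vulnerable file sets OS_PROJECT_NAME to "demoINJECTED", i.e. the command substitution ran; the escaped and the single-quoted variants leave the literal "demo$(echo INJECTED)". The scanner is deliberately conservative: any unescaped `$` or backtick inside a double-quoted export is flagged, since a legitimate RC value should not need either, and a hit is the cue to read the file rather than source it.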
--- Begin Message ---
Source: horizon
Source-Version: 3:25.7.3-2
Done: Thomas Goirand <[email protected]>
We believe that the bug you reported is fixed in the latest version of
horizon, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Thomas Goirand <[email protected]> (supplier of updated horizon package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Thu, 04 Jun 2026 23:29:18 +0200
Source: horizon
Architecture: source
Version: 3:25.7.3-2
Distribution: unstable
Urgency: medium
Maintainer: Debian OpenStack <[email protected]>
Changed-By: Thomas Goirand <[email protected]>
Closes: 1138845
Changes:
horizon (3:25.7.3-2) unstable; urgency=medium
.
* OSSN-0097: Horizon RC file generation does not escape special characters in
project. Applied upstream patch: "Escape $ character in shellfilter, and
use it consistently" (Closes: #1138845).
* Refresh patches.
Checksums-Sha1:
a4854f33bc122a863990bee0c568a12225449a8c 4361 horizon_25.7.3-2.dsc
9a73abd967c5a2b2ebdf0ac9aad659137a84200e 38124 horizon_25.7.3-2.debian.tar.xz
f4bec261b8101b9839c6bff1c76a15bd62a46436 18239 horizon_25.7.3-2_amd64.buildinfo
Checksums-Sha256:
864f4b9f60e30b02fe383d025033695e9cd178d72ee4072c48e7c31db6148550 4361 horizon_25.7.3-2.dsc
4cddce56bcb69b81b2bb16a42c6baec2ac4d1af3a2b6d750f52db13044bbeab7 38124 horizon_25.7.3-2.debian.tar.xz
5c1b6ab1e5c5640f3258064b05965952ac86f519848b3dbf700aa3e48fa3cdd4 18239 horizon_25.7.3-2_amd64.buildinfo
Files:
b89367ab5b8b117a5fbf63192183a6ab 4361 net optional horizon_25.7.3-2.dsc
0e64cb7d6294f6205b6f54ca53c96072 38124 net optional horizon_25.7.3-2.debian.tar.xz
1692c5d2ff1e3eed9036b69e549e8915 18239 net optional horizon_25.7.3-2_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEoLGp81CJVhMOekJc1BatFaxrQ/4FAmotZJUACgkQ1BatFaxr
Q/4z4Q//XorRLuHujv+fMjMgdSRdTpFrDIfINmy+vwoeqMBooswVKgSlt9qVOeu7
9BM4NOTFAAUeBFB/mO8MACdJ1fw82OxF2mRz7NUWfgzG4K/YPsSme1b1JjXcZ7Lg
0kdh/f+ve32M2NUmZUD0RAdNUA7Zi69QjiG/iFHuao8M6hwnPmhdoVURdQHEGUyK
pd5sT3jj35AzQh/yyZPrcdYSmrZLVnr5TTttl7BZnKophHFWBsk0H0V99yzwCQgZ
7MgrfZCrltvYVjt/ds8T1KZoxmKAzd+RafUtBSCh7adI7pTndtFYqB/V/1z/9R+g
zOvNDRhHCb7HHPgJ672iKqol+hnW1ZDY2pfeMwM6ka+pK1vpAVPUwcCwm1Xytzo9
jLR65EPbxaML2v1Gx3WcNl7fO9wbaWvCQtrfPURVh4fKDOPZ2UAIWoZX2pAEVRdE
tEzMbxbbUkBgLghggRnw/MLrOj78dsgcTeJPvZRcg3zCxqpnFpP6RB3SbqX12d0l
Xugc43/roUrfLvJfVVMqPJlK3gqXh1TxSIfO/wvdlwvOxzsxN/Q6CM+u+UrlByID
+iUGMNnqvrPneyTtG+/tfg+QEP7gsjRT0RTx9U7jJoU96JG9fLas9ZKA3PpjCQXC
TO2Woi2s8ma5zUvQkHd0CcvUbVb5bzcaC0HqPiMXl1Ryf0aNCPE=
=omZl
-----END PGP SIGNATURE-----
--- End Message ---