Your message dated Tue, 16 Jun 2026 20:47:35 +0000
with message-id <[email protected]>
and subject line Bug#1138845: fixed in horizon 3:23.0.0-5+deb12u2
has caused the Debian Bug report #1138845,
regarding OSSN-0097 Horizon RC file generation does not escape special
characters in project
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1138845: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1138845
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: horizon
Version: 3:25.3.0-3
Severity: important
Tags: patch security
X-Debbugs-Cc: Debian Security Team <[email protected]>
Copying the security announce:
OSSN-0097: Horizon RC file generation does not escape special characters in
project names
== Summary ==
Horizon generates shell scripts for OpenStack RC file downloads
with user-provided values in double-quoted strings without escaping
shell metacharacters. A domain manager can set a project name
containing $() or backtick sequences that execute arbitrary
commands when a user sources the RC file.
== Affected Services / Software ==
- horizon: >=8.0.0 <25.3.3, >=25.4.0 <25.5.3, >=25.6.0 <25.7.4
== Discussion ==
A domain manager who can rename a project can inject commands
that run in the shell of any user who downloads and sources the
RC file for that project.
== Recommended Actions ==
Upgrade to a version of horizon containing the fix. As a
workaround, inspect downloaded RC files before sourcing them, or
use clouds.yaml for CLI authentication instead.
=== Patches ===
The following reviews contain the fix for this issue:
2026.2/hibiscus (master): https://review.opendev.org/c/openstack/horizon/+/990661
2026.1/gazpacho: https://review.opendev.org/c/openstack/horizon/+/991038
2025.2/flamingo: https://review.opendev.org/c/openstack/horizon/+/991039
2025.1/epoxy: https://review.opendev.org/c/openstack/horizon/+/991040
== Credits ==
Tim Shephard, roiai.ca
== Contacts / References ==
* Authors: Goutham Pacha Ravi, Red Hat
* This OSSN: https://wiki.openstack.org/wiki/OSSN/OSSN-0097
* Original Launchpad bug: https://launchpad.net/bugs/2152240
* Mailing List: [security-sig] tag on [email protected]
* OpenStack Security : https://security.openstack.org/
* CVE: none
--- End Message ---
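The following is an added illustration of the bug class OSSN-0097 describes and of the two defensive points the advisory makes (escape before interpolating into a double-quoted shell string; inspect a downloaded RC file before sourcing it). It is not Horizon's code: the project name, the `shell_escape_dq` helper standing in for the upstream shellfilter, and the `find_suspicious_lines` checker are all constructed here.

```python
# Added example, not Horizon's own code. Demonstrates the unescaped
# double-quoted interpolation OSSN-0097 describes, a fixed renderer, and
# a pre-sourcing check for downloaded RC files.
import re
import shlex
import subprocess

# Constructed sample project name carrying command substitutions.
PROJECT_NAME = 'demo $(echo injected) `echo too`'


def render_rc_unsafe(project_name: str) -> str:
    """Vulnerable pattern: value dropped verbatim into a double-quoted string.
    Inside double quotes the shell still expands $(...), `...`, $VAR and \\."""
    return f'export OS_PROJECT_NAME="{project_name}"\n'


def shell_escape_dq(value: str) -> str:
    """Stand-in for the fixed filter: backslash-escape the four characters a
    POSIX shell interprets inside double quotes (backslash, quote, $, backtick)."""
    return re.sub(r'([\\"$`])', r'\\\1', value)


def render_rc_safe(project_name: str) -> str:
    """Fixed pattern: escape the value before placing it in double quotes."""
    return f'export OS_PROJECT_NAME="{shell_escape_dq(project_name)}"\n'


def render_rc_quoted(project_name: str) -> str:
    """Alternative fix: shlex.quote emits a single-quoted literal instead."""
    return f'export OS_PROJECT_NAME={shlex.quote(project_name)}\n'


# Unescaped command substitution openers inside a double-quoted value.
UNESCAPED = re.compile(r'(?<!\\)(\$\(|`)')


def find_suspicious_lines(rc_text: str) -> list[int]:
    """Workaround check: return 1-based line numbers of NAME="..." assignments
    whose value contains an unescaped $( or backtick. Review before sourcing."""
    hits = []
    for n, line in enumerate(rc_text.splitlines(), 1):
        m = re.match(r'\s*(?:export\s+)?[A-Z_]+="(.*)"\s*$', line)
        if m and UNESCAPED.search(m.group(1)):
            hits.append(n)
    return hits


def resolved_value(rc_text: str) -> str:
    """Source the RC text in a child sh and read back OS_PROJECT_NAME, to show
    what the shell actually sees for each renderer."""
    script = rc_text + 'printf %s "$OS_PROJECT_NAME"'
    out = subprocess.run(['sh', '-c', script], capture_output=True, text=True, check=True)
    return out.stdout
```

With the unsafe renderer the child shell evaluates both substitutions and the variable ends up as `demo injected too`; with either fixed renderer it holds the project name literally, and the checker flags only the unsafe output.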
--- Begin Message ---
Source: horizon
Source-Version: 3:23.0.0-5+deb12u2
Done: Thomas Goirand <[email protected]>
We believe that the bug you reported is fixed in the latest version of
horizon, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Thomas Goirand <[email protected]> (supplier of updated horizon package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
Format: 1.8
Date: Tue, 09 Jun 2026 10:38:23 +0200
Source: horizon
Architecture: source
Version: 3:23.0.0-5+deb12u2
Distribution: bookworm
Urgency: medium
Maintainer: Debian OpenStack <[email protected]>
Changed-By: Thomas Goirand <[email protected]>
Closes: 1138845
Changes:
horizon (3:23.0.0-5+deb12u2) bookworm; urgency=medium
.
* OSSN-0097: Horizon RC file generation does not escape special characters in
project. Applied upstream patch: "Escape $ character in shellfilter, and
use it consistently" (Closes: #1138845).
--- End Message ---