Your message dated Tue, 16 Jun 2026 21:17:05 +0000
with message-id <[email protected]>
and subject line Bug#1138845: fixed in horizon 3:25.3.0-3+deb13u1
has caused the Debian Bug report #1138845,
regarding OSSN-0097 Horizon RC file generation does not escape special characters in project
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1138845: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1138845
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: horizon
Version: 3:25.3.0-3
Severity: important
Tags: patch security
X-Debbugs-Cc: Debian Security Team <[email protected]>
Copying the security announce:
OSSN-0097: Horizon RC file generation does not escape special characters in project names
== Summary ==
Horizon generates shell scripts for OpenStack RC file downloads
with user-provided values in double-quoted strings without escaping
shell metacharacters. A domain manager can set a project name
containing $() or backtick sequences that execute arbitrary
commands when a user sources the RC file.
== Affected Services / Software ==
- horizon: >=8.0.0 <25.3.3, >=25.4.0 <25.5.3, >=25.6.0 <25.7.4
== Discussion ==
A domain manager who can rename a project can inject commands
that run in the shell of any user who downloads and sources the
RC file for that project.
== Recommended Actions ==
Upgrade to a version of horizon containing the fix. As a
workaround, inspect downloaded RC files before sourcing them, or
use clouds.yaml for CLI authentication instead.
=== Patches ===
The following reviews contain the fix for this issue:
2026.2/hibiscus (master): https://review.opendev.org/c/openstack/horizon/+/990661
2026.1/gazpacho: https://review.opendev.org/c/openstack/horizon/+/991038
2025.2/flamingo: https://review.opendev.org/c/openstack/horizon/+/991039
2025.1/epoxy: https://review.opendev.org/c/openstack/horizon/+/991040
== Credits ==
Tim Shephard, roiai.ca
== Contacts / References ==
* Authors: Goutham Pacha Ravi, Red Hat
* This OSSN: https://wiki.openstack.org/wiki/OSSN/OSSN-0097
* Original Launchpad bug: https://launchpad.net/bugs/2152240
* Mailing List: [security-sig] tag on [email protected]
* OpenStack Security: https://security.openstack.org/
* CVE: none
--- End Message ---
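The two defensive halves of the advisory above, as an added Python example that is not Horizon's code or the Debian package's: an escaper for values embedded in double-quoted shell strings, of the kind the fix title "Escape $ character in shellfilter, and use it consistently" describes, and an inspection routine for the recommended workaround of checking a downloaded RC file before sourcing it. The openrc template, the `render_rc`/`find_unescaped_expansions` names and the sample project names are constructed for this example.

```python
import re

# Added example, not Horizon's code. Inside a double-quoted POSIX shell string
# only these four characters keep a special meaning; everything else is
# literal, so escaping exactly these makes any value safe to embed.
_DQ_SPECIAL = {'\\': '\\\\', '"': '\\"', '$': '\\$', '`': '\\`'}

def shell_escape_dq(value: str) -> str:
    """Escape a value so it is literal inside a double-quoted shell string."""
    return ''.join(_DQ_SPECIAL.get(ch, ch) for ch in value)

def render_rc(auth_url: str, project_name: str, username: str) -> str:
    """Render a minimal openrc fragment (constructed template, not Horizon's);
    every user-controlled value goes through shell_escape_dq, consistently."""
    return ''.join(
        'export %s="%s"\n' % (name, shell_escape_dq(value))
        for name, value in (('OS_AUTH_URL', auth_url),
                            ('OS_PROJECT_NAME', project_name),
                            ('OS_USERNAME', username)))

_ASSIGNMENT = re.compile(r'export\s+\w+="(.*)"\s*$')

def find_unescaped_expansions(rc_text: str) -> list:
    """Inspect a downloaded RC file (the advisory's workaround) and return
    (line_no, line) for every double-quoted assignment whose value still holds
    an unescaped $( , ${ or backtick, i.e. text the shell would evaluate on
    sourcing. An empty list means no such construct was found."""
    findings = []
    for no, line in enumerate(rc_text.splitlines(), 1):
        m = _ASSIGNMENT.match(line)
        if not m:
            continue
        value, i = m.group(1), 0
        while i < len(value):
            if value[i] == '\\':          # backslash-escaped char: skip it
                i += 2
                continue
            if value[i] == '`' or (value[i] == '$' and
                                   value[i + 1:i + 2] in ('(', '{')):
                findings.append((no, line))
                break
            i += 1
    return findings

if __name__ == '__main__':
    # Constructed samples: an escaped rendering passes, an unescaped file is flagged.
    safe = render_rc('https://keystone.example:5000/v3', 'demo $(date)', 'alice')
    print(safe, find_unescaped_expansions(safe))
    print(find_unescaped_expansions('export OS_PROJECT_NAME="demo `date`"\n'))
```

A non-empty result from `find_unescaped_expansions` is the signal not to source the file and to look at how the project was named.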
--- Begin Message ---
Source: horizon
Source-Version: 3:25.3.0-3+deb13u1
Done: Thomas Goirand <[email protected]>
We believe that the bug you reported is fixed in the latest version of
horizon, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Thomas Goirand <[email protected]> (supplier of updated horizon package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
Format: 1.8
Date: Tue, 09 Jun 2026 10:20:14 +0200
Source: horizon
Architecture: source
Version: 3:25.3.0-3+deb13u1
Distribution: trixie
Urgency: medium
Maintainer: Debian OpenStack <[email protected]>
Changed-By: Thomas Goirand <[email protected]>
Closes: 1138845
Changes:
horizon (3:25.3.0-3+deb13u1) trixie; urgency=medium
.
* OSSN-0097: Horizon RC file generation does not escape special characters in
project. Applied upstream patch: "Escape $ character in shellfilter, and
use it consistently" (Closes: #1138845).
--- End Message ---