Your message dated Mon, 25 May 2015 12:34:28 +0000
with message-id <[email protected]>
and subject line Bug#786741: fixed in horizon 2015.1.0-2
has caused the Debian Bug report #786741,
regarding horizon: CVE-2015-3988: Persistent XSS in Horizon metadata dashboard
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
786741: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=786741
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: horizon
Version: 2015.1.0-1
Severity: important
Tags: security upstream

Hi,

the following vulnerability was published for horizon.

CVE-2015-3988[0]:
| Multiple cross-site scripting (XSS) vulnerabilities in OpenStack
| Dashboard (Horizon) 2015.1.0 allow remote authenticated users to
| inject arbitrary web script or HTML via the metadata to a (1) Glance
| image, (2) Nova flavor or (3) Host Aggregate.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2015-3988

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: horizon
Source-Version: 2015.1.0-2

We believe that the bug you reported is fixed in the latest version of
horizon, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Thomas Goirand <[email protected]> (supplier of updated horizon package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Tue, 12 May 2015 23:23:46 +0200
Source: horizon
Binary: python-django-horizon openstack-dashboard openstack-dashboard-apache
Architecture: source all
Version: 2015.1.0-2
Distribution: unstable
Urgency: high
Maintainer: PKG OpenStack <[email protected]>
Changed-By: Thomas Goirand <[email protected]>
Description:
 openstack-dashboard - web application to control an OpenStack cloud
 openstack-dashboard-apache - OpenStack Dashboard - Apache support
 python-django-horizon - Django module providing web interaction with OpenStack
Closes: 781680 786741
Changes:
 horizon (2015.1.0-2) unstable; urgency=high
 .
   * Added update for the sv.po debconf translations (Closes: #781680).
   * Added upstream patch for CVE-2015-3988 (Closes: #786741):
     Persistent_XSS_in_Horizon_metadata_dashboard.patch

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
-----END PGP SIGNATURE-----

--- End Message ---
