subject:"\[Openstack\] \[OSSA 2012\-012\] Horizon, Open redirect through 'next' parameter \(CVE\-2012\-3540\)"

Re: [Openstack] [OSSA 2012-012] Horizon, Open redirect through 'next' parameter (CVE-2012-3540)

2012-09-13 Thread Kiall Mac Innes

According to Russell's message - this bug only affects the essex/stable branch.. No backport is necessary I guess.. Also - https://github.com/openstack/horizon/tree/stable/essex shows the most recent commit is the commit/fix he linked to.. Thanks, Kiall On Thu, Sep 13, 2012 at 4:17 PM, andi abe

Re: [Openstack] [OSSA 2012-012] Horizon, Open redirect through 'next' parameter (CVE-2012-3540)

2012-09-13 Thread andi abes

Has a fix for this been backported to essex/stable branch? On Thu, Aug 30, 2012 at 11:35 AM, Russell Bryant wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > This advisory included the wrong CVE. It was CVE-2012-3540. Sorry > about that. > > On 08/30/2012 11:10 AM, Russell Bryant wr

Re: [Openstack] [OSSA 2012-012] Horizon, Open redirect through 'next' parameter (CVE-2012-3540)

2012-08-30 Thread Russell Bryant

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 This advisory included the wrong CVE. It was CVE-2012-3540. Sorry about that. On 08/30/2012 11:10 AM, Russell Bryant wrote: > OpenStack Security Advisory: 2012-012 CVE: CVE-2012-3542 This should have been CVE-2012-3540 > Date: August 30, 2012 Titl