We've decided to drop this issue while testing for the vulnerability and
was unable to recreate the issue. The product team is also not willing
to update the package on the basis that there is no way to exploit the
vulnerability within Horizon.
If we do find an exploit we would be happy to repopen the issue.
** Changed in: python-xstatic-bootstrap-scss (Ubuntu)
Status: New => Won't Fix
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1940450
Title:
XSS The data-template attribute of the tooltip and popover plugins
lacks input sanitization and may allow attacker to execute arbitrary
JavaScript.
To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-archive/+bug/1940450/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
