Hey Lazlo, On Wed, Jun 10, 2015 at 09:10:56AM +0200, László Böszörményi (GCS) wrote: > Control: found -1 2014.1.3-1 > > Hi Salvatore, > > On Wed, Jun 10, 2015 at 7:37 AM, Salvatore Bonaccorso <car...@debian.org> > wrote: > > Source: horizon > > Version: 2015.1.0-1 > > Severity: important > > Tags: security upstream fixed-upstream > [...] > > CVE-2015-3219[0]: > > XSS in Horizon Heat stack creation > [...] > > Please adjust the affected versions in the BTS as needed. > Just checked. The Wheezy version doesn't contain the vulnerable code > segment, but the Jessie version does. Mark the bug accordingly. > In case you may accept, I attach a debdiff for Jessie.
Thanks for the quick followups. Am I right that jessie though is not affected due to https://bugs.launchpad.net/horizon/+bug/1453074/comments/13 The field help_text is always escaped already. Is that right? Regards, Salvatore -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
