On 06/10/2015 09:10 AM, László Böszörményi (GCS) wrote:
> Control: found -1 2014.1.3-1
>
> Hi Salvatore,
>
> On Wed, Jun 10, 2015 at 7:37 AM, Salvatore Bonaccorso <car...@debian.org> wrote:
>> Source: horizon
>> Version: 2015.1.0-1
>> Severity: important
>> Tags: security upstream fixed-upstream
> [...]
>> CVE-2015-3219[0]:
>> XSS in Horizon Heat stack creation
> [...]
>> Please adjust the affected versions in the BTS as needed.
> Just checked. The Wheezy version doesn't contain the vulnerable code
> segment, but the Jessie version does. Mark the bug accordingly.
> In case you may accept, I attach a debdiff for Jessie.
>
> Regards,
> Laszlo/GCS

Thanks Laszlo for the patch. I have applied it to the debian/icehouse
branch in our Git, and just added the closing of this bug in the
changelog. The resulting package is here:

Full folder:
http://sid.gplhost.com/horizon/

.dsc file:
http://sid.gplhost.com/horizon/horizon_2014.1.3-7+deb8u1.dsc

.debdiff file:
http://sid.gplhost.com/horizon/horizon_2014.1.3-7+deb8u1.debdiff

Right now, I'm applying the fix to Sid and Jessie-backports.

Dear security team, can I upload the above?

Cheers,

Thomas Goirand (zigo)