Your message dated Thu, 30 Aug 2012 18:47:41 +0000
with message-id <e1t79mh-000599...@franck.debian.org>
and subject line Bug#686050: fixed in horizon 2012.1.1-4
has caused the Debian Bug report #686050,
regarding Tracking CVE-2012-3540
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
686050: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=686050
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: horizon
Version: 2012.1.1-3
Severity: grave
Hi,
I'm opening this bug to track resolution of CVE-2012-3540.
The issue is embargoed until Thursday, August 30th, 1500 UTC,
so no upload will be made until then.
I am currently preparing the package update. Note that the
received patches applies fine.
Cheers,
Thomas Goirand (zigo)
--- End Message ---
--- Begin Message ---
Source: horizon
Source-Version: 2012.1.1-4
We believe that the bug you reported is fixed in the latest version of
horizon, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 686...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Thomas Goirand <z...@debian.org> (supplier of updated horizon package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Tue, 28 Aug 2012 03:05:44 +0000
Source: horizon
Binary: python-django-horizon openstack-dashboard openstack-dashboard-apache
Architecture: source all
Version: 2012.1.1-4
Distribution: unstable
Urgency: high
Maintainer: PKG OpenStack <openstack-de...@lists.alioth.debian.org>
Changed-By: Thomas Goirand <z...@debian.org>
Description:
openstack-dashboard - OpenStack Dashboard
openstack-dashboard-apache - OpenStack Dashboard - Apache support
python-django-horizon - Django module providing web interaction with OpenStack
Closes: 686050
Changes:
horizon (2012.1.1-4) unstable; urgency=high
.
* CVE-2012-3540: added patch: Disallow login redirects to anywhere other than
the same origin (Closes: #686050).
Checksums-Sha1:
5e001f44bb47054e98231078c4354b76c0798aac 1935 horizon_2012.1.1-4.dsc
231147e4eb7cb2bec84cd8ee9fa9012a05c1a43b 5264 horizon_2012.1.1-4.debian.tar.gz
f7c666ad08b44dfcb23347c92084fb587b8f5e41 391216
python-django-horizon_2012.1.1-4_all.deb
756439debc9c8ab031415779aae46de7f3b445dc 195624
openstack-dashboard_2012.1.1-4_all.deb
b34cef6001cef7e90c0dda421c269f806c0e72a0 3844
openstack-dashboard-apache_2012.1.1-4_all.deb
Checksums-Sha256:
cc868c6443dde104e6b2cd360a6936b9db90efe580e0184145cce6b812cf5f8d 1935
horizon_2012.1.1-4.dsc
810b0fd9b8ee3b28c6fd4a1f84e686b676c5c5f5193634125a42c2b6779c2a20 5264
horizon_2012.1.1-4.debian.tar.gz
a4b8ab303fe1c2bbb4e9eeaac03308569c79cb666a77b39069cc04bcfc499a65 391216
python-django-horizon_2012.1.1-4_all.deb
7b97761c566a307e967464d7972588d82238ce82de6ac0d8147400b24d86a006 195624
openstack-dashboard_2012.1.1-4_all.deb
4e5ce8673cab70c2bf4c04bc8a75899e7958060be0af3ae144a77d623bc5afe9 3844
openstack-dashboard-apache_2012.1.1-4_all.deb
Files:
064c740c0a0df024810b5832cf817128 1935 net extra horizon_2012.1.1-4.dsc
392f79a9d572d667342f4ad3b8665113 5264 net extra
horizon_2012.1.1-4.debian.tar.gz
de69f60163eb5ca601e03aa2c17145be 391216 python extra
python-django-horizon_2012.1.1-4_all.deb
d35bf4e0db38250251302e6fdf431a70 195624 net extra
openstack-dashboard_2012.1.1-4_all.deb
c63d4cbadccf92233d2abaec08afbd9e 3844 net extra
openstack-dashboard-apache_2012.1.1-4_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iEYEARECAAYFAlA/s5UACgkQl4M9yZjvmkkSgACgu97UGohbsezf6nFE2ml53+ow
qIUAn0m1u8zw7taw0TAbR+4c4AnQW5uy
=nRXU
-----END PGP SIGNATURE-----
--- End Message ---
