Hi, On Mon May 25, 2015 at 07:36:15 +0200, Salvatore Bonaccorso wrote: > Source: horizon > Version: 2015.1.0-1 > Severity: important > Tags: security upstream > > Hi, > > the following vulnerability was published for horizon. > > CVE-2015-3988[0]: > | Multiple cross-site scripting (XSS) vulnerabilities in OpenStack > | Dashboard (Horizon) 2015.1.0 allow remote authenticated users to > | inject arbitrary web script or HTML via the metadata to a (1) Glance > | image, (2) Nova flavor or (3) Host Aggregate.
The patch seems to be https://git.openstack.org/cgit/openstack/horizon/commit/?id=6c944b5013acb0dce7cf3d8717e58f7f2427be07 Cheers, Martin -- Martin Zobel-Helas <zo...@debian.org> Debian System Administrator Debian & GNU/Linux Developer Debian Listmaster http://about.me/zobel Debian Webmaster GPG Fingerprint: 6B18 5642 8E41 EC89 3D5D BDBB 53B1 AC6D B11B 627B -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
