Hi, On Mon May 25, 2015 at 11:47:17 +0200, Martin Zobel-Helas wrote: > Hi, > > On Mon May 25, 2015 at 07:36:15 +0200, Salvatore Bonaccorso wrote: > > Source: horizon > > Version: 2015.1.0-1 > > Severity: important > > Tags: security upstream > > > > Hi, > > > > the following vulnerability was published for horizon. > > > > CVE-2015-3988[0]: > > | Multiple cross-site scripting (XSS) vulnerabilities in OpenStack > > | Dashboard (Horizon) 2015.1.0 allow remote authenticated users to > > | inject arbitrary web script or HTML via the metadata to a (1) Glance > > | image, (2) Nova flavor or (3) Host Aggregate. > > The patch seems to be > https://git.openstack.org/cgit/openstack/horizon/commit/?id=6c944b5013acb0dce7cf3d8717e58f7f2427be07
The above link was for Juno, which is not in Debian. The correct link is https://review.openstack.org/#/c/183656/ Cheers, Martin -- Martin Zobel-Helas <zo...@debian.org> Debian System Administrator Debian & GNU/Linux Developer Debian Listmaster http://about.me/zobel Debian Webmaster GPG Fingerprint: 6B18 5642 8E41 EC89 3D5D BDBB 53B1 AC6D B11B 627B -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
