[PKG-Openstack-devel] Bug#788306: Bug#788306: horizon: CVE-2015-3219: XSS in Horizon Heat stack creation

Salvatore Bonaccorso carnil at debian.org
Wed Jun 10 08:42:48 UTC 2015


Hey Lazlo,

On Wed, Jun 10, 2015 at 09:10:56AM +0200, László Böszörményi (GCS) wrote:
> Control: found -1 2014.1.3-1
> 
> Hi Salvatore,
> 
> On Wed, Jun 10, 2015 at 7:37 AM, Salvatore Bonaccorso <carnil at debian.org> wrote:
> > Source: horizon
> > Version: 2015.1.0-1
> > Severity: important
> > Tags: security upstream fixed-upstream
> [...]
> > CVE-2015-3219[0]:
> > XSS in Horizon Heat stack creation
> [...]
> > Please adjust the affected versions in the BTS as needed.
>  Just checked. The Wheezy version doesn't contain the vulnerable code
> segment, but the Jessie version does. Mark the bug accordingly.
> In case you may accept, I attach a debdiff for Jessie.

Thanks for the quick followups. Am I right that jessie though is not
affected due to
https://bugs.launchpad.net/horizon/+bug/1453074/comments/13

The field help_text is always escaped already.

Is that right?

Regards,
Salvatore


