Bug#788306: [PKG-Openstack-devel] Bug#788306: Bug#788306: Bug#788306: horizon: CVE-2015-3219: XSS in Horizon Heat stack creation

On Thu, Jun 11, 2015 at 01:01:35AM +0200, Thomas Goirand wrote: Could you please allow me to upload the package to the security FTP, even without a DSA? Dealing with the release team to update software for security is often frustrating because it takes too long (because they are busy, and they

Bug#788306: [PKG-Openstack-devel] Bug#788306: horizon: CVE-2015-3219: XSS in Horizon Heat stack creation

On Wed, Jun 10, 2015 at 10:42 AM, Salvatore Bonaccorso car...@debian.org wrote: On Wed, Jun 10, 2015 at 09:10:56AM +0200, László Böszörményi (GCS) wrote: Just checked. The Wheezy version doesn't contain the vulnerable code segment, but the Jessie version does. Mark the bug accordingly. In

Bug#788306: [PKG-Openstack-devel] Bug#788306: horizon: CVE-2015-3219: XSS in Horizon Heat stack creation

Control: found -1 2014.1.3-1 Hi Salvatore, On Wed, Jun 10, 2015 at 7:37 AM, Salvatore Bonaccorso car...@debian.org wrote: Source: horizon Version: 2015.1.0-1 Severity: important Tags: security upstream fixed-upstream [...] CVE-2015-3219[0]: XSS in Horizon Heat stack creation [...] Please

Bug#788306: [PKG-Openstack-devel] Bug#788306: horizon: CVE-2015-3219: XSS in Horizon Heat stack creation

Hey Lazlo, On Wed, Jun 10, 2015 at 09:10:56AM +0200, László Böszörményi (GCS) wrote: Control: found -1 2014.1.3-1 Hi Salvatore, On Wed, Jun 10, 2015 at 7:37 AM, Salvatore Bonaccorso car...@debian.org wrote: Source: horizon Version: 2015.1.0-1 Severity: important Tags: security

Bug#788306: [PKG-Openstack-devel] Bug#788306: Bug#788306: horizon: CVE-2015-3219: XSS in Horizon Heat stack creation

On 06/10/2015 09:10 AM, László Böszörményi (GCS) wrote: Control: found -1 2014.1.3-1 Hi Salvatore, On Wed, Jun 10, 2015 at 7:37 AM, Salvatore Bonaccorso car...@debian.org wrote: Source: horizon Version: 2015.1.0-1 Severity: important Tags: security upstream fixed-upstream [...]

Bug#788306: [PKG-Openstack-devel] Bug#788306: Bug#788306: horizon: CVE-2015-3219: XSS in Horizon Heat stack creation

On 06/10/2015 12:23 PM, László Böszörményi (GCS) wrote: On Wed, Jun 10, 2015 at 10:42 AM, Salvatore Bonaccorso car...@debian.org wrote: On Wed, Jun 10, 2015 at 09:10:56AM +0200, László Böszörményi (GCS) wrote: Just checked. The Wheezy version doesn't contain the vulnerable code segment, but

Bug#788306: [PKG-Openstack-devel] Bug#788306: Bug#788306: horizon: CVE-2015-3219: XSS in Horizon Heat stack creation

On Wed, Jun 10, 2015 at 05:00:27PM +0200, Thomas Goirand wrote: On 06/10/2015 12:23 PM, László Böszörményi (GCS) wrote: On Wed, Jun 10, 2015 at 10:42 AM, Salvatore Bonaccorso car...@debian.org wrote: On Wed, Jun 10, 2015 at 09:10:56AM +0200, László Böszörményi (GCS) wrote: Just checked.

Bug#788306: [PKG-Openstack-devel] Bug#788306: Bug#788306: Bug#788306: horizon: CVE-2015-3219: XSS in Horizon Heat stack creation

On 06/10/2015 11:06 PM, Moritz Mühlenhoff wrote: On Wed, Jun 10, 2015 at 05:00:27PM +0200, Thomas Goirand wrote: On 06/10/2015 12:23 PM, László Böszörményi (GCS) wrote: On Wed, Jun 10, 2015 at 10:42 AM, Salvatore Bonaccorso car...@debian.org wrote: On Wed, Jun 10, 2015 at 09:10:56AM +0200,

Bug#788306: horizon: CVE-2015-3219: XSS in Horizon Heat stack creation

Source: horizon Version: 2015.1.0-1 Severity: important Tags: security upstream fixed-upstream Hi, the following vulnerability was published for horizon. CVE-2015-3219[0]: XSS in Horizon Heat stack creation If you fix the vulnerability please also make sure to include the CVE (Common