[BSA-107] Security Update for horizon
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Thomas Goirand uploaded new packages for horizon which fixed the
following security problem:
CVE-2015-3988:
Sunil Yadav from IBM Security Services reported a persistent XSS in
Horizon. An authenticated user may conduct a persistent XSS attack by
setting a malicious metadata to a Glance image, a Nova flavor or a
Host Aggregate and tricking an administrator to load the update
metadata page. Once executed in a legitimate context this attack may
result in a privilege escalation.
For the jessie-backports distribution the problems have been fixed in
2015.1.0-2~bpo8+1.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAEBCAAGBQJVZCO3AAoJEPGmQ7akrBn8ZpUP/0wjrxnfZIQRCU6eKtqiOw81
XnEOLBiMj04yI0zVUGX99M6kob1pICU3E+yTE2c78ryalWzHkdEoJ85zbWeeP5HS
pNHOexRalYKIz/kdUeuTvkoTFVvUyR2G51OSEDU5vXcw+YHEkhxbKPZUlc++cqm8
f/Qj10Al7HHthcC1guxUhL9gQXq28rEf8Iswok4/QUS/GI7fQea9aljFd8mKjXYm
0kzNiGNP3jfIg5JdI8//YV7er0eux00uFtSID3/iIYynzXttDw/Yn5HWfHxq/oRY
17MxehOULQIQVOLOQc4AIcoqXpSeZwTlRXRS9R1XFAQxzx/4t94C8g3PAkunpxuM
+8TxjWauIW9FY5HEyrfUZwdKQ+NTqtxhE97gbUHJEUFF9hk8XKdK3K1px1g6fHnI
opE+sSS1SYV+9jGIHx5xmq0ur4UDqvX6Qt/1MThXTuwwEtRqmuh8EwbYNwcW3X4Z
tVruYKipHOt0egk8VCCyYWNoe4XRfSuyNpH8JL7iU0qEF/oNQ2H4FrN3wFr1OriP
/2ahQoU8R4bs9Ovsx/31C1HU7ozM7d7ubpTQMolNeGsfGnFX0HepD8JzcMD2b+Bc
9ZmM5i1seqmjJAr9IV8inwijstEE9Ux3GDX5SAkHtstcF14U0kDuTlQZAx3S7PrG
WEMNbzqoGj2zcQQxSQCf
=B5Ce
-----END PGP SIGNATURE-----
Reply to: