Package "openstack-dashboard"
Name: openstack-dashboard
Description: django web interface to Openstack
Latest version: 2012.1.3+stable-20130423-5ce39422-0ubuntu1
Release: precise (12.04)
Level: updates
Repository: main
Head package: horizon
Homepage: http://launchpad.net/horizon
Changelog
horizon (2012.1.3+stable-20130423-5ce39422-0ubuntu1) precise-proposed; urgency=low
* Resynchronize with stable/essex (LP: #1089488)
- [7e651d7] stable/essex horizon installs unusable version of glance
(LP: #1057125)
- [35eada8] open redirect / phishing attack via "next" parameter
(LP: #1039077)
- [8889311] TypeError when trying to delete an unnamed volume via dashboard
(LP: #1031291)
- [f862d9e] Wrong 'Download CSV Summary' link (LP: #1020555)
- [9b22d68] When adding ICMP rule, the type/code is being validated as
from/to ports (LP: #997669)
- [52bbba1] Added --only-selenium option in run_tests.sh
* Dropped patches, superseded by new snapshot:
- debian/patches/CVE-2012-3540.patch [35eada8]
-- Yolanda <email address hidden> Wed, 24 Apr 2013 15:46:28 +0200
1089488: Meta bug for tracking Openstack Stable Updates
1057125: stable/essex horizon installs unusable version of glance
1039077: open redirect / phishing attack via \
1031291: TypeError when trying to delete an unnamed volume via dashboard
1020555: Wrong 'Download CSV Summary' link
997669: When adding ICMP rule, the type/code is being validated as from/to ports
CVE-2012-3540: Open redirect vulnerability in views/auth_forms.py in OpenStack Dashboard (Horizon) Essex (2012.1) allows remote attackers to redirect users to arbitr

horizon (2012.1.3+stable~20120815-691dd2-0ubuntu1.1) precise-security; urgency=low
* SECURITY UPDATE: open redirect / phishing attack via "next"
parameter (LP: #1039077)
- debian/patches/CVE-2012-3540.patch: disallow redirects to anywhere
other than the same origin
- CVE-2012-3540
-- Steve Beattie <email address hidden> Thu, 30 Aug 2012 17:15:04 -0700
1039077: open redirect / phishing attack via \
CVE-2012-3540: Open redirect vulnerability in views/auth_forms.py in OpenStack Dashboard (Horizon) Essex (2012.1) allows remote attackers to redirect users to arbitr

horizon (2012.1.3+stable~20120815-691dd2-0ubuntu1) precise-proposed; urgency=low
[ Chuck Short ]
* New upstream release (LP: #1041120):
- 9b22d6 - Fixed validation check for ICMP rules. (LP: #997669)
* Dropped:
- debian/patches/CVE-2012-2094.patch: No longer needed.
- debian/patches/CVE-2012-2144.patch: No longer needed.
[ Adam Gandelman ]
* debian/patches/juju_panel-handle_catalog_exception.patch: Gracefully handle
missing endpoints in Keystone catalog during Juju environments.yaml
generation. (LP: #1033920)
-- Adam Gandelman <email address hidden> Tue, 24 Aug 2012 03:27:33 -0500
1041120: Meta bug for tracking Openstack Stable Updates
997669: When adding ICMP rule, the type/code is being validated as from/to ports
1033920: Dashboard raises a ServiceCatalogException when attempting to download juju settings
CVE-2012-2094: Cross-site scripting (XSS) vulnerability in the refresh mechanism in the log viewer in horizon/static/horizon/js/horizon.js in OpenStack Dashboard (Ho
CVE-2012-2144: OSSA 2012-006: Horizon session fixation and reuse

horizon (2012.1-0ubuntu8.1) precise-security; urgency=low
* SECURITY UPDATE: fix XSS when refreshing logs
- debian/patches/CVE-2012-2094.patch: interpret logs as text
- CVE-2012-2094
* SECURITY UPDATE: fix session fixation and reuse
- debian/patches/CVE-2012-2144.patch: properly verify existing session and
also log user out on error
- CVE-2012-2144
-- Jamie Strandboge <email address hidden> Wed, 02 May 2012 08:19:13 -0500