Package "horizon"
Name: |
horizon
|
Description: |
This package is just an umbrella for a group of other packages,
it has no description. Description samples from packages in group:
- django web interface to Openstack
- Ubuntu theme for the Openstack dashboard
- Django module providing web based interaction with OpenStack
- dummy transitonal package
|
Latest version: |
1:2014.1.5-0ubuntu2.1 |
Release: |
trusty (14.04) |
Level: |
security |
Repository: |
main |
Links
Other versions of "horizon" in Trusty
Packages in group
Deleted packages are displayed in grey.
Changelog
horizon (1:2014.1.5-0ubuntu2.1) trusty-security; urgency=medium
* SECURITY UPDATE: XSS in OpenStack Dashboard
- debian/patches/CVE-2016-4428.patch: add escaping to
horizon/utils/escape.py, openstack_dashboard/settings.py,
openstack_dashboard/test/settings.py.
- debian/patches/ship_escape.py: ship new file created by security
patch.
- CVE-2016-4428
-- Marc Deslauriers <email address hidden> Fri, 25 Aug 2017 08:41:07 -0400
|
Source diff to previous version |
CVE-2016-4428 |
Cross-site scripting (XSS) vulnerability in OpenStack Dashboard (Horizon) 8.0.1 and earlier and 9.0.0 through 9.0.1 allows remote authenticated users |
|
horizon (1:2014.1.2-0ubuntu1.1) trusty-security; urgency=medium
* Pull in security fixes from trusty-updates:
- [32a7b71] Fix multiple Cross-Site Scripting (XSS) vulnerabilities.
+ CVE-2014-3473
+ LP: #1308727
+ CVE-2014-3474
+ LP: #1322197
+ CVE-2014-3475
+ LP: #1320235
* SECURITY UPDATE: Fix XSS issue with the unordered_list filter
- debian/patches/CVE-2014-3594.patch: properly perform input sanitization
in dashboards/admin/aggregates/tables.py
- CVE-2014-3594
- LP: #1349491
-- Jamie Strandboge <email address hidden> Thu, 21 Aug 2014 09:35:52 -0500
|
1308727 |
[OSSA 2014-023] XSS in Horizon Heat template - resource name (CVE-2014-3473) |
1322197 |
[OSSA 2014-023] Persistent XSS in OpenStack Havana UI for Network Name (CVE-2014-3474) |
1320235 |
[OSSA 2014-023] Stored XSS for /admin/users/ (CVE-2014-3475) |
1349491 |
[OSSA 2014-027] Persistent XSS in the Host Aggregates interface (CVE-2014-3594) |
CVE-2014-3594 |
Persistent XSS in Horizon Host Aggregates interface |
|
About
-
Send Feedback to @ubuntu_updates