UbuntuUpdates.org

Package "horizon"

Name: horizon

Description:

This package is just an umbrella for a group of other packages, it has no description.
Description samples from packages in group:

  • django web interface to Openstack
  • Ubuntu theme for the Openstack dashboard
  • Django module providing web based interaction with OpenStack
  • dummy transitonal package

Latest version: 1:2014.1.5-0ubuntu2.1
Release: trusty (14.04)
Level: security
Repository: main

Links



Other versions of "horizon" in Trusty

Repository Area Version
base main 1:2014.1-0ubuntu1
updates main 1:2014.1.5-0ubuntu2.2

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 1:2014.1.5-0ubuntu2.1 2017-10-11 13:06:48 UTC

  horizon (1:2014.1.5-0ubuntu2.1) trusty-security; urgency=medium

  * SECURITY UPDATE: XSS in OpenStack Dashboard
    - debian/patches/CVE-2016-4428.patch: add escaping to
      horizon/utils/escape.py, openstack_dashboard/settings.py,
      openstack_dashboard/test/settings.py.
    - debian/patches/ship_escape.py: ship new file created by security
      patch.
    - CVE-2016-4428

 -- Marc Deslauriers <email address hidden> Fri, 25 Aug 2017 08:41:07 -0400

Source diff to previous version
CVE-2016-4428 Cross-site scripting (XSS) vulnerability in OpenStack Dashboard (Horizon) 8.0.1 and earlier and 9.0.0 through 9.0.1 allows remote authenticated users

Version: 1:2014.1.2-0ubuntu1.1 2014-08-21 20:06:38 UTC

  horizon (1:2014.1.2-0ubuntu1.1) trusty-security; urgency=medium

  * Pull in security fixes from trusty-updates:
    - [32a7b71] Fix multiple Cross-Site Scripting (XSS) vulnerabilities.
      + CVE-2014-3473
      + LP: #1308727
      + CVE-2014-3474
      + LP: #1322197
      + CVE-2014-3475
      + LP: #1320235
  * SECURITY UPDATE: Fix XSS issue with the unordered_list filter
    - debian/patches/CVE-2014-3594.patch: properly perform input sanitization
      in dashboards/admin/aggregates/tables.py
    - CVE-2014-3594
    - LP: #1349491
 -- Jamie Strandboge <email address hidden> Thu, 21 Aug 2014 09:35:52 -0500

1308727 [OSSA 2014-023] XSS in Horizon Heat template - resource name (CVE-2014-3473)
1322197 [OSSA 2014-023] Persistent XSS in OpenStack Havana UI for Network Name (CVE-2014-3474)
1320235 [OSSA 2014-023] Stored XSS for /admin/users/ (CVE-2014-3475)
1349491 [OSSA 2014-027] Persistent XSS in the Host Aggregates interface (CVE-2014-3594)
CVE-2014-3594 Persistent XSS in Horizon Host Aggregates interface



About   -   Send Feedback to @ubuntu_updates