-horizon (2015.1.0-2) UNRELEASED; urgency=medium
+horizon (2015.1.0-2) unstable; urgency=high
* Added update for the sv.po debconf translations (Closes: #781680).
+ * Added upstream patch for CVE-2015-3988 (Closes: #786741):
+ Persistent_XSS_in_Horizon_metadata_dashboard.patch
-- Thomas Goirand <zigo@debian.org> Tue, 12 May 2015 23:23:46 +0200
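Review bot: this hunk switches the entry to an unstable upload but leaves the trailer line unchanged, so the changelog still carries the 12 May 2015 timestamp of the earlier UNRELEASED entry; regenerate it with `dch -r` so the date matches the actual upload. Nothing in this diff touches debian/patches/series, and the new file's `+++` header is missing here, so please confirm that `Persistent_XSS_in_Horizon_metadata_dashboard.patch` is added under debian/patches and listed in series, otherwise quilt never applies it and the CVE-2015-3988 fix named in the changelog is not actually in the built package.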
--- /dev/null
+Description: Sanitation of metadata passed from Django
+ We need to escape HTML in metadata passed from Django, which can lead to
+ security issues. Refer to the bug for more details.
+From: Thai Tran <tqtran@us.ibm.com>
+Date: Fri, 1 May 2015 17:25:29 +0000 (-0700)
+X-Git-Url: https://review.openstack.org/gitweb?p=openstack%2Fhorizon.git;a=commitdiff_plain;h=a0101fe34abcb95012d215d4ba8f908632ba9876
+Co-Authored-By: Szymon Wroblewski <szymon.wroblewski@intel.com>
+Change-Id: I4821eacb0bb274befab7995f3a8f87c82d3997f5
+Bug-Ubuntu: https://bugs.launchpad.net/horizon/+bug/1449260
+Bug-Debian: https://bugs.debian.org/786741
+Origin: https://review.openstack.org/#/c/183656/
+
+diff --git a/horizon/templates/horizon/common/_modal_form_update_metadata.html b/horizon/templates/horizon/common/_modal_form_update_metadata.html
+index 1c8e1c9..1123247 100644
+--- a/horizon/templates/horizon/common/_modal_form_update_metadata.html
++++ b/horizon/templates/horizon/common/_modal_form_update_metadata.html
+@@ -11,8 +11,8 @@
+ existing="existing"
+ model="tree"></hz-metadata-tree>
+ <script type="text/javascript">
+- var existing_metadata = {{ existing_metadata|safe }};
+- var available_metadata = {{ available_metadata|safe }};
++ var existing_metadata = JSON.parse('{{ existing_metadata|escapejs }}');
++ var available_metadata = JSON.parse('{{ available_metadata|escapejs }}');
+ </script>
+ {% endblock %}
+
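Review bot: the `JSON.parse('{{ existing_metadata|escapejs }}')` construct in this hunk is only correct if the view passes `existing_metadata` and `available_metadata` to the template as JSON text (the output of `json.dumps`), not as Python dicts or lists; `escapejs` escapes whatever string the value renders to, and `JSON.parse` on a Python repr (single quotes, `u'...'` prefixes) throws and leaves the metadata tree empty. The view side is not in this hunk, so please confirm it, and add a template test that renders a key containing `'`, `\` and `</script>` and checks the page still parses. The construct itself is sound: `escapejs` rewrites `<`, `>`, `&`, quotes, backslashes and control characters as `\uXXXX` sequences and returns a safe string, so there is no double-escaping under autoescape and no way for metadata to close the `<script>` element, which is exactly the hole the removed `|safe` lines left open.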