From: Thomas Goirand Date: Mon, 25 May 2015 10:26:22 +0000 (+0200) Subject: Added upstream patch for CVE-2015-3988 (Closes: #786741): Persistent_XSS_in_Horizon_m... X-Git-Url: https://review.fuel-infra.org/gitweb?a=commitdiff_plain;h=84541c4649d6f0d360ee08030c27527397a9c6b1;p=openstack-build%2Fhorizon-build.git Added upstream patch for CVE-2015-3988 (Closes: #786741): Persistent_XSS_in_Horizon_metadata_dashboard.patch Rewritten-From: 7fe10752079fc1911c7209a17b1e0571307c96cb --- diff --git a/trusty/debian/changelog b/trusty/debian/changelog index c3ad735..c77b8f2 100644 --- a/trusty/debian/changelog +++ b/trusty/debian/changelog @@ -1,6 +1,8 @@ -horizon (2015.1.0-2) UNRELEASED; urgency=medium +horizon (2015.1.0-2) unstable; urgency=high * Added update for the sv.po debconf translations (Closes: #781680). + * Added upstream patch for CVE-2015-3988 (Closes: #786741): + Persistent_XSS_in_Horizon_metadata_dashboard.patch -- Thomas Goirand Tue, 12 May 2015 23:23:46 +0200 diff --git a/trusty/debian/patches/CVE-2015-3988_Persistent_XSS_in_Horizon_metadata_dashboard.patch b/trusty/debian/patches/CVE-2015-3988_Persistent_XSS_in_Horizon_metadata_dashboard.patch new file mode 100644 index 0000000..befeb03 --- /dev/null +++ b/trusty/debian/patches/CVE-2015-3988_Persistent_XSS_in_Horizon_metadata_dashboard.patch 
@@ -0,0 +1,27 @@ +Description: Sanitation of metadata passed from Django + We need to escape HTML in metadata passed from Django, which can lead to + security issues. Refer to the bug for more details. +From: Thai Tran +Date: Fri, 1 May 2015 17:25:29 +0000 (-0700) +X-Git-Url: https://review.openstack.org/gitweb?p=openstack%2Fhorizon.git;a=commitdiff_plain;h=a0101fe34abcb95012d215d4ba8f908632ba9876 +Co-Authored-By: Szymon Wroblewski +Change-Id: I4821eacb0bb274befab7995f3a8f87c82d3997f5 +Bug-Ubuntu: https://bugs.launchpad.net/horizon/+bug/1449260 +Bug-Debian: https://bugs.debian.org/786741 +Origin: https://review.openstack.org/#/c/183656/ + +diff --git a/horizon/templates/horizon/common/_modal_form_update_metadata.html b/horizon/templates/horizon/common/_modal_form_update_metadata.html +index 1c8e1c9..1123247 100644 +--- a/horizon/templates/horizon/common/_modal_form_update_metadata.html ++++ b/horizon/templates/horizon/common/_modal_form_update_metadata.html +@@ -11,8 +11,8 @@ + existing="existing" + model="tree"> + + {% endblock %} + diff --git a/trusty/debian/patches/series b/trusty/debian/patches/series index d9124cb..6148701 100644 --- a/trusty/debian/patches/series +++ b/trusty/debian/patches/series @@ -2,3 +2,4 @@ fix-dashboard-django-wsgi.patch fix-dashboard-manage.patch fixed-horizon-MANIFEST.in.patch adds-minus-v-flag-when-running-nosetests.patch +CVE-2015-3988_Persistent_XSS_in_Horizon_metadata_dashboard.patch
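Review bot: the trailer line in the trusty/debian/changelog hunk is left as `-- Thomas Goirand Tue, 12 May 2015 23:23:46 +0200` even though the entry is switched from `UNRELEASED` to `unstable` with `urgency=high`; finalize the entry (for example with `dch -r`) so the timestamp matches the actual release rather than the earlier sv.po change. The new bullet also names the patch as `Persistent_XSS_in_Horizon_metadata_dashboard.patch`, while the file added under debian/patches and listed in series is `CVE-2015-3988_Persistent_XSS_in_Horizon_metadata_dashboard.patch`; use the full filename so the changelog, the patch and the series entry agree.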
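Review bot: in the new CVE-2015-3988 patch file, the `@@ -11,8 +11,8 @@` hunk for `horizon/templates/horizon/common/_modal_form_update_metadata.html` shows only unchanged context in this rendering (`existing="existing"`, `model="tree">`, `{% endblock %}`), so the escaping change the Description announces cannot be checked from the hunk itself; please confirm the backported lines match upstream commit a0101fe34abcb95012d215d4ba8f908632ba9876 (Origin: review 183656) and record that in the DEP-3 header, e.g. `Applied-Upstream: a0101fe34abcb95012d215d4ba8f908632ba9876`. The backport touches only the template and carries no regression test; a test asserting that a metadata key or value containing markup is rendered inert by the metadata widget would make it harder for the fix to regress on a later rebase.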