From: Ghe Rivero <ghe@debian.org>
Date: Tue, 17 Apr 2012 17:39:27 +0000 (+0200)
Subject: fix CVE_2012-2094
X-Git-Url: https://review.fuel-infra.org/gitweb?a=commitdiff_plain;h=fbfe6ded1f0b231f9e00caed7c60c0cbcc80b988;p=openstack-build%2Fhorizon-build.git

fix CVE_2012-2094

Rewritten-From: 4d2bcc69a337c0089b09c642afaf384c150b63d2
---

diff --git a/trusty/debian/changelog b/trusty/debian/changelog
index 67eed6b..5d6001c 100644
--- a/trusty/debian/changelog
+++ b/trusty/debian/changelog
@@ -1,3 +1,9 @@
+horizon (2012.1-3) unstable; urgency=low
+
+  * Fixed CVE_2012-2094
+
+ -- Ghe Rivero <ghe.rivero@stackops.com>  Tue, 17 Apr 2012 19:38:18 +0200
+
 horizon (2012.1-2) unstable; urgency=low
 
   * Make openstack-dashboard depends on the same version of
diff --git a/trusty/debian/patches/CVE_2012-2094 b/trusty/debian/patches/CVE_2012-2094
new file mode 100644
index 0000000..6b9fb26
--- /dev/null
+++ b/trusty/debian/patches/CVE_2012-2094
@@ -0,0 +1,11 @@
+--- a/horizon/static/horizon/js/horizon.js
++++ b/horizon/static/horizon/js/horizon.js
+@@ -284,7 +284,7 @@
+         data: data,
+         method: 'get',
+         success: function(response_body) {
+-          $('pre.logs').html(response_body);
++          $('pre.logs').text(response_body);
+         },
+         error: function(response) {
+           if(via_user_submit) {
diff --git a/trusty/debian/patches/series b/trusty/debian/patches/series
new file mode 100644
index 0000000..ee073ee
--- /dev/null
+++ b/trusty/debian/patches/series
@@ -0,0 +1 @@
+CVE_2012-2094