Debian Security Advisory
DSA-3617-1 horizon -- security update
- Date Reported:
- 06 Jul 2016
- Affected Packages:
- Security database references:
- In Mitre's CVE dictionary: CVE-2015-3219, CVE-2016-4428.
- More information:
Two cross-site scripting vulnerabilities have been found in Horizon, a web application to control an OpenStack cloud.
For the stable distribution (jessie), these problems have been fixed in version 2014.1.3-7+deb8u2.
For the testing distribution (stretch), these problems have been fixed in version 3:9.0.1-2.
For the unstable distribution (sid), these problems have been fixed in version 3:9.0.1-2.
We recommend that you upgrade your horizon packages.