UbuntuUpdates.org

Package "horizon"

Name: horizon

Description:

This package is just an umbrella for a group of other packages, it has no description.
Description samples from packages in group:

  • django web interface to Openstack
  • Ubuntu theme for the Openstack dashboard
  • Django module providing web based interaction with OpenStack
  • dummy transitonal package from python-django-openstack to python-django-horizon

Latest version: 2012.1.3+stable~20120815-691dd2-0ubuntu1.1
Release: precise (12.04)
Level: security
Repository: main

Links



Other versions of "horizon" in Precise

Repository Area Version
base main 2012.1-0ubuntu8
updates main 2012.1.3+stable-20130423-5ce39422-0ubuntu1

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 2012.1.3+stable~20120815-691dd2-0ubuntu1.1 2012-09-13 00:06:49 UTC

  horizon (2012.1.3+stable~20120815-691dd2-0ubuntu1.1) precise-security; urgency=low

  * SECURITY UPDATE: open redirect / phishing attack via "next"
    parameter (LP: #1039077)
    - debian/patches/CVE-2012-3540.patch: disallow redirects to anywhere
      other than the same origin
    - CVE-2012-3540
 -- Steve Beattie <email address hidden> Thu, 30 Aug 2012 17:15:04 -0700

Source diff to previous version
1039077 open redirect / phishing attack via \
CVE-2012-3540 Open redirect vulnerability in views/auth_forms.py in OpenStack Dashboard (Horizon) Essex (2012.1) allows remote attackers to redirect users to arbitr

Version: 2012.1-0ubuntu8.1 2012-05-07 15:09:22 UTC

  horizon (2012.1-0ubuntu8.1) precise-security; urgency=low

  * SECURITY UPDATE: fix XSS when refreshing logs
    - debian/patches/CVE-2012-2094.patch: interpret logs as text
    - CVE-2012-2094
  * SECURITY UPDATE: fix session fixation and reuse
    - debian/patches/CVE-2012-2144.patch: properly verify existing session and
      also log user out on error
    - CVE-2012-2144
 -- Jamie Strandboge <email address hidden> Wed, 02 May 2012 08:19:13 -0500

CVE-2012-2144 OSSA 2012-006: Horizon session fixation and reuse



About   -   Send Feedback to @ubuntu_updates