CVE-2016-4428: Possible client side template injection in horizon

Related Vulnerabilities: CVE-2016-4428   CVE-2015-3219  

Debian Bug report logs - #828967
CVE-2016-4428: Possible client side template injection in horizon


Reported by: Thomas Goirand <zigo@debian.org>

Date: Wed, 29 Jun 2016 12:57:02 UTC

Severity: important

Tags: security

Found in versions horizon/2012.1.1-10, horizon/3:9.0.1-1

Fixed in versions horizon/2012.1.1-10+deb7u1, horizon/3:9.0.1-2, horizon/2014.1.3-7+deb8u2

Done: Thomas Goirand <zigo@debian.org>

Bug is archived. No further changes may be made.




Report forwarded to debian-bugs-dist@lists.debian.org, PKG OpenStack <openstack-devel@lists.alioth.debian.org>:
Bug#828967; Package src:horizon. (Wed, 29 Jun 2016 12:57:06 GMT) (full text, mbox, link).


Acknowledgement sent to Thomas Goirand <zigo@debian.org>:
New Bug report received and forwarded. Copy sent to PKG OpenStack <openstack-devel@lists.alioth.debian.org>. (Wed, 29 Jun 2016 12:57:06 GMT) (full text, mbox, link).


Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

From: Thomas Goirand <zigo@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: CVE-2016-4428: Possible client side template injection in horizon
Date: Wed, 29 Jun 2016 14:54:09 +0200
Source: horizon
Version: 3:9.0.1-1
Severity: important

See details here:
https://bugs.launchpad.net/horizon/+bug/1567673
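The report only points at the Launchpad bug, so for readers of this log the following is an added illustration of the bug class named in the title: AngularJS client-side template injection through server-rendered text that was HTML-escaped but still carries interpolation delimiters, next to one way of rendering such text so that Angular will not evaluate it. This is example code written for this page, not Horizon's code and not the upstream patch referenced in the changelog entries; the sample instance names are constructed, the ("{$", "$}") delimiter pair is an assumption standing in for whatever the deployed dashboard configures through $interpolateProvider, and interpolation_reaches_angular() is a simplified model of the AngularJS compiler rather than the real thing.

```python
import html
import re

# Delimiter pairs whose contents AngularJS would evaluate as expressions.
# ("{{", "}}") is the AngularJS default.  ("{$", "$}") is an ASSUMED custom pair
# standing in for whatever the deployed dashboard sets via $interpolateProvider;
# adjust this tuple to match the application under review.
INTERPOLATION_DELIMITERS = (("{{", "}}"), ("{$", "$}"))

# Constructed sample values an attacker could store as, e.g., an instance name.
SAMPLE_NAMES = [
    "web-01",
    "{{7*7}}",
    "{{constructor.constructor('alert(1)')()}}",
    "<img src=x onerror=alert(1)>",
    "</span>{{1+1}}",
]


def html_escape(text):
    """Ordinary HTML escaping (same effect as django.utils.html.escape)."""
    return html.escape(text, quote=True)


def find_interpolations(text, delimiters=INTERPOLATION_DELIMITERS):
    """Return the expressions found between interpolation delimiters in text.

    Usable as an audit check over stored names or request logs: anything
    returned here is something Angular would try to evaluate.
    """
    found = []
    for start, end in delimiters:
        pattern = re.compile(re.escape(start) + r"(.*?)" + re.escape(end), re.S)
        found.extend(m.group(1).strip() for m in pattern.finditer(text))
    return found


def render_vulnerable(name):
    """Pre-fix pattern: HTML-escape and drop into an Angular-compiled region.
    '<', '>', '&' and quotes are neutralised, but '{' is not an HTML
    metacharacter, so the expression reaches Angular intact."""
    return "<td>%s</td>" % html_escape(name)


def render_entity_encoded(name):
    """Tempting but ineffective variant: encode the braces as character
    references on top of HTML escaping.  Kept here so the model below can
    show why it fails."""
    escaped = html_escape(name)
    return "<td>%s</td>" % escaped.replace("{{", "&#123;&#123;").replace("}}", "&#125;&#125;")


def render_hardened(name):
    """HTML-escape as before, then wrap the text in ng-non-bindable, a stock
    AngularJS directive that makes the compiler skip the element's contents.
    HTML escaping also guarantees the attacker cannot close the span early."""
    return '<td><span ng-non-bindable>%s</span></td>' % html_escape(name)


def interpolation_reaches_angular(fragment, delimiters=INTERPOLATION_DELIMITERS):
    """Simplified model of what AngularJS does with a server-rendered fragment.

    1. The browser parses the HTML first, decoding character references into
       text nodes (modelled with html.unescape), so &#123; is '{' by the time
       Angular looks at the DOM.
    2. The compiler ignores everything inside an ng-non-bindable element
       (removed here on the escaped source, before decoding, as a browser would).
    3. Any remaining delimiter pair is an expression Angular would evaluate.
    """
    visible = re.sub(r"<span ng-non-bindable>.*?</span>", "", fragment, flags=re.S)
    return bool(find_interpolations(html.unescape(visible), delimiters))


def audit(names=SAMPLE_NAMES):
    """Compare the three renderers over the sample names; returns a dict
    name -> (vulnerable_hit, entity_encoded_hit, hardened_hit)."""
    return {
        n: (
            interpolation_reaches_angular(render_vulnerable(n)),
            interpolation_reaches_angular(render_entity_encoded(n)),
            interpolation_reaches_angular(render_hardened(n)),
        )
        for n in names
    }


if __name__ == "__main__":
    for name, hits in audit().items():
        print("%-45r vulnerable=%s entity_encoded=%s hardened=%s" % ((name,) + hits))
```

Two things the model makes visible. HTML escaping neutralises the HTML metacharacters but leaves the braces alone, so the expression survives into a region Angular compiles; and encoding the braces as character references is not a fix in such a region, because the browser decodes &#123; back to { before Angular reads the text node. ng-non-bindable tells the compiler to skip the element, and since the value inside is HTML-escaped the attacker cannot close the span early. Where the design allows it, keep untrusted data out of Angular-compiled templates altogether and hand it over as data (for instance JSON bound through the scope), which Angular displays without interpolating.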



Added tag(s) pending. Request was from Thomas Goirand <zigo@debian.org> to control@bugs.debian.org. (Wed, 29 Jun 2016 13:03:11 GMT) (full text, mbox, link).


Message sent on to Thomas Goirand <zigo@debian.org>:
Bug#828967. (Wed, 29 Jun 2016 13:03:21 GMT) (full text, mbox, link).


Message #10 received at 828967-submitter@bugs.debian.org (full text, mbox, reply):

From: Thomas Goirand <zigo@debian.org>
To: 828967-submitter@bugs.debian.org
Subject: Bug#828967 marked as pending
Date: Wed, 29 Jun 2016 13:02:26 +0000
tag 828967 pending
thanks

Hello,

Bug #828967 reported by you has been fixed in the Git repository. You can
see the changelog below, and you can check the diff of the fix at:

    http://git.debian.org/?p=openstack/horizon.git;a=commitdiff;h=2da8b9a

---
commit 2da8b9aec26feb1e64e2a53a24811b7d596256ba
Author: Thomas Goirand <zigo@debian.org>
Date:   Wed Jun 29 15:02:13 2016 +0200

      * CVE-2016-4428: Possible client side template injection in horizon. Added
        CVE-2016-4428_Escape_angularjs_templating_in_unsafe_HTML.patch from
        upstream (Closes: #828967).

diff --git a/debian/changelog b/debian/changelog
index 01de083..a7d5c07 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,11 @@
+horizon (3:9.0.1-2) unstable; urgency=high
+
+  * CVE-2016-4428: Possible client side template injection in horizon. Added
+    CVE-2016-4428_Escape_angularjs_templating_in_unsafe_HTML.patch from
+    upstream (Closes: #828967).
+
+ -- Thomas Goirand <zigo@debian.org>  Wed, 29 Jun 2016 14:59:37 +0200
+
 horizon (3:9.0.1-1) unstable; urgency=medium
 
   * Increase epoch.
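Review bot: the diff quoted here touches only debian/changelog; the new debian/patches/CVE-2016-4428_Escape_angularjs_templating_in_unsafe_HTML.patch and its line in debian/patches/series are not part of this hunk, so from the excerpt alone a reviewer cannot confirm the patch is registered and applied at build time. Quoting or linking the complete commitdiff (the h=2da8b9a URL above) would make that verifiable. The entry itself is fine: `urgency=high` and `(Closes: #828967)` are the right shape for a security fix.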



Marked as found in versions horizon/2012.1.1-10. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Wed, 29 Jun 2016 13:27:07 GMT) (full text, mbox, link).


Marked as fixed in versions horizon/2012.1.1-10+deb7u1. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Wed, 29 Jun 2016 13:27:08 GMT) (full text, mbox, link).


Added tag(s) security. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Wed, 29 Jun 2016 13:27:09 GMT) (full text, mbox, link).


Reply sent to Thomas Goirand <zigo@debian.org>:
You have taken responsibility. (Wed, 29 Jun 2016 13:27:20 GMT) (full text, mbox, link).


Notification sent to Thomas Goirand <zigo@debian.org>:
Bug acknowledged by developer. (Wed, 29 Jun 2016 13:27:20 GMT) (full text, mbox, link).


Message #21 received at 828967-close@bugs.debian.org (full text, mbox, reply):

From: Thomas Goirand <zigo@debian.org>
To: 828967-close@bugs.debian.org
Subject: Bug#828967: fixed in horizon 3:9.0.1-2
Date: Wed, 29 Jun 2016 13:23:44 +0000
Source: horizon
Source-Version: 3:9.0.1-2

We believe that the bug you reported is fixed in the latest version of
horizon, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 828967@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Thomas Goirand <zigo@debian.org> (supplier of updated horizon package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Wed, 29 Jun 2016 14:59:37 +0200
Source: horizon
Binary: python-django-horizon openstack-dashboard openstack-dashboard-apache horizon-doc
Architecture: source all
Version: 3:9.0.1-2
Distribution: unstable
Urgency: high
Maintainer: PKG OpenStack <openstack-devel@lists.alioth.debian.org>
Changed-By: Thomas Goirand <zigo@debian.org>
Description:
 horizon-doc - web application to control an OpenStack cloud - doc
 openstack-dashboard - web application to control an OpenStack cloud
 openstack-dashboard-apache - web application to control an OpenStack cloud - Apache support
 python-django-horizon - Django module providing web interaction with OpenStack
Closes: 828967
Changes:
 horizon (3:9.0.1-2) unstable; urgency=high
 .
   * CVE-2016-4428: Possible client side template injection in horizon. Added
     CVE-2016-4428_Escape_angularjs_templating_in_unsafe_HTML.patch from
     upstream (Closes: #828967).
Checksums-Sha1:
 0f8aa9f5fbd831162f26ca6a1d21366c33c206e2 4160 horizon_9.0.1-2.dsc
 c9cd7e4b487890cc610f667f51c4897b10bb640d 25900 horizon_9.0.1-2.debian.tar.xz
 5cc8855e2ef492f5d18e198b32cfe2afacaeddd4 1132944 horizon-doc_9.0.1-2_all.deb
 13f399fa50d0ec7bea7dd8c1a45bdc2334aa9101 13312 openstack-dashboard-apache_9.0.1-2_all.deb
 ccd43c358f5831dfd9d7df3541358b95846fcfc3 2445298 openstack-dashboard_9.0.1-2_all.deb
 6654a043cfa0c01ed9a2335861df7bd122ce7a6f 2208872 python-django-horizon_9.0.1-2_all.deb
Checksums-Sha256:
 da38cb15d619393b69382c58126a07a90187c8a61f2987267a6bfceca0bf78fd 4160 horizon_9.0.1-2.dsc
 6a453542e8873a8528fb79ee38351dd2b0a35cda57f0de0950d87ea1a9f24a5b 25900 horizon_9.0.1-2.debian.tar.xz
 4afcf35ebcddd19841e560975f29ded758f106652be082532dcf86abc07e90d7 1132944 horizon-doc_9.0.1-2_all.deb
 827981123c6853b591fdfa3531118484f7f16402757a8d8d110f074a58c9404f 13312 openstack-dashboard-apache_9.0.1-2_all.deb
 2840a7b7ef5d2956d181cd47e6657afe7ee4148f500a97198ad9d654a386c9bf 2445298 openstack-dashboard_9.0.1-2_all.deb
 b0d895fc8662c0fb048af527c2b2d88b4f78b7e9a0c30a06870cbc9310073c5f 2208872 python-django-horizon_9.0.1-2_all.deb
Files:
 f5be0804a949809d75543c6a49172374 4160 net extra horizon_9.0.1-2.dsc
 d12d57406d84915071ec1618c196ae6a 25900 net extra horizon_9.0.1-2.debian.tar.xz
 6866ddbf1b717b4430561040c1d02f61 1132944 doc extra horizon-doc_9.0.1-2_all.deb
 20cdf1d79cc1614fbef4cd2452275d47 13312 net extra openstack-dashboard-apache_9.0.1-2_all.deb
 fe7cd10acb3e6f3a19cba8683f5c142b 2445298 net extra openstack-dashboard_9.0.1-2_all.deb
 fc94acb5361312ac978406fc23ecbdf1 2208872 python extra python-django-horizon_9.0.1-2_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
-----END PGP SIGNATURE-----




Added tag(s) pending. Request was from Thomas Goirand <zigo@debian.org> to control@bugs.debian.org. (Wed, 29 Jun 2016 13:33:12 GMT) (full text, mbox, link).


Message sent on to Thomas Goirand <zigo@debian.org>:
Bug#828967. (Wed, 29 Jun 2016 13:33:15 GMT) (full text, mbox, link).


Message #26 received at 828967-submitter@bugs.debian.org (full text, mbox, reply):

From: Thomas Goirand <zigo@debian.org>
To: 828967-submitter@bugs.debian.org
Subject: Bug#828967 marked as pending
Date: Wed, 29 Jun 2016 13:28:49 +0000
tag 828967 pending
thanks

Hello,

Bug #828967 reported by you has been fixed in the Git repository. You can
see the changelog below, and you can check the diff of the fix at:

    http://git.debian.org/?p=openstack/horizon.git;a=commitdiff;h=d74e751

---
commit d74e751ce93f03240f3ad4206e93d6e7e05da55f
Author: Thomas Goirand <zigo@debian.org>
Date:   Wed Jun 29 15:28:37 2016 +0200

      * CVE-2016-4428: Possible client side template injection in horizon. Applied
        upstream patch: "Escape angularjs templating in unsafe HTML" after rebasing
        it for Icehouse (Closes: #828967).

diff --git a/debian/changelog b/debian/changelog
index 9c30c37..276e48e 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,11 @@
+horizon (2014.1.3-7+deb8u2) jessie-security; urgency=medium
+
+  * CVE-2016-4428: Possible client side template injection in horizon. Applied
+    upstream patch: "Escape angularjs templating in unsafe HTML" after rebasing
+    it for Icehouse (Closes: #828967).
+
+ -- Thomas Goirand <zigo@debian.org>  Wed, 29 Jun 2016 15:24:16 +0200
+
 horizon (2014.1.3-7+deb8u1) jessie-security; urgency=high
 
   * Fix CVE-2015-3219 with upstream patch (Closes: 788306).
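Review bot: `urgency=medium` on the new 2014.1.3-7+deb8u2 entry is inconsistent with both the unstable upload for the same CVE (3:9.0.1-2, `urgency=high`) and the preceding +deb8u1 jessie-security entry shown as context; a jessie-security upload for a CVE would normally carry `urgency=high`. Note also that this entry is stacked on the +deb8u1 entry for CVE-2015-3219, so relative to the 2014.1.3-7 in jessie the upload carries both fixes, which is exactly what is raised later in this thread; as with the sid commit, the hunk shows only debian/changelog and not the rebased upstream patch, so the actual code change must be reviewed from the linked commit.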



Information forwarded to debian-bugs-dist@lists.debian.org, PKG OpenStack <openstack-devel@lists.alioth.debian.org>:
Bug#828967; Package src:horizon. (Wed, 29 Jun 2016 13:54:04 GMT) (full text, mbox, link).


Acknowledgement sent to Thomas Goirand <zigo@debian.org>:
Extra info received and forwarded to list. Copy sent to PKG OpenStack <openstack-devel@lists.alioth.debian.org>. (Wed, 29 Jun 2016 13:54:04 GMT) (full text, mbox, link).


Message #31 received at 828967@bugs.debian.org (full text, mbox, reply):

From: Thomas Goirand <zigo@debian.org>
To: Moritz Muehlenhoff <jmm@inutil.org>
Cc: team@security.debian.org, 828967@bugs.debian.org
Subject: Re: horizon / CVE-2016-4428 #828967
Date: Wed, 29 Jun 2016 15:50:47 +0200
[Message part 1 (text/plain, inline)]
On 06/29/2016 11:24 AM, Moritz Muehlenhoff wrote:
> Hi Thomas,
> https://bugs.launchpad.net/bugs/1567673 has been assigned CVE-2016-4428 and I think we should fix
> it in jessie-security. Can you please prepare an update? unstable also needs the patch.
> 
> Cheers,
>         Moritz
> 

Hi Moritz,

I have uploaded fixes for both Sid and Experimental, and the fix for
Stable is committed to Git in here:

http://anonscm.debian.org/cgit/openstack/horizon.git/commit/?h=debian/icehouse&id=d74e751ce93f03240f3ad4206e93d6e7e05da55f

Since you may prefer a diff to read from your mail client, I have
attached it to this message.

I also uploaded the built package here:
http://sid.gplhost.com/jessie-proposed-updates/horizon/

Please allow me to upload it.

Cheers,

Thomas Goirand (zigo)

[horizon_2014.1.3-7+deb8u2.diff (text/x-diff, attachment)]
[signature.asc (application/pgp-signature, attachment)]

Information forwarded to debian-bugs-dist@lists.debian.org, PKG OpenStack <openstack-devel@lists.alioth.debian.org>:
Bug#828967; Package src:horizon. (Tue, 05 Jul 2016 17:39:03 GMT) (full text, mbox, link).


Acknowledgement sent to Moritz Mühlenhoff <jmm@inutil.org>:
Extra info received and forwarded to list. Copy sent to PKG OpenStack <openstack-devel@lists.alioth.debian.org>. (Tue, 05 Jul 2016 17:39:04 GMT) (full text, mbox, link).


Message #36 received at 828967@bugs.debian.org (full text, mbox, reply):

From: Moritz Mühlenhoff <jmm@inutil.org>
To: Thomas Goirand <zigo@debian.org>
Cc: team@security.debian.org, 828967@bugs.debian.org
Subject: Re: horizon / CVE-2016-4428 #828967
Date: Tue, 5 Jul 2016 19:37:17 +0200
On Wed, Jun 29, 2016 at 03:50:47PM +0200, Thomas Goirand wrote:
> On 06/29/2016 11:24 AM, Moritz Muehlenhoff wrote:
> > Hi Thomas,
> > https://bugs.launchpad.net/bugs/1567673 has been assigned CVE-2016-4428 and I think we should fix
> > it in jessie-security. Can you please prepare an update? unstable also needs the patch.
> > 
> > Cheers,
> >         Moritz
> > 
> 
> Hi Moritz,
> 
> I have uploaded fixes for both Sid and Experimental, and the fix for
> Stable is committed to Git in here:
> 
> http://anonscm.debian.org/cgit/openstack/horizon.git/commit/?h=debian/icehouse&id=d74e751ce93f03240f3ad4206e93d6e7e05da55f
> 
> Since you may prefer a diff to read from your mail client, I have
> attached it to this message.

Why do you upload something different than the debdiff you sent?

jessie has 2014.1.3-7, and what you uploaded includes an additional
fix which was never on security.debian.org:

> horizon (2014.1.3-7+deb8u1) jessie-security; urgency=high
>
>  * Fix CVE-2015-3219 with upstream patch (Closes: 788306).
>
> -- Thomas Goirand <zigo@debian.org>  Wed, 10 Jun 2015 16:18:34 +0200

Cheers,
        Moritz



Information forwarded to debian-bugs-dist@lists.debian.org, PKG OpenStack <openstack-devel@lists.alioth.debian.org>:
Bug#828967; Package src:horizon. (Tue, 05 Jul 2016 20:03:07 GMT) (full text, mbox, link).


Acknowledgement sent to Thomas Goirand <zigo@debian.org>:
Extra info received and forwarded to list. Copy sent to PKG OpenStack <openstack-devel@lists.alioth.debian.org>. (Tue, 05 Jul 2016 20:03:07 GMT) (full text, mbox, link).


Message #41 received at 828967@bugs.debian.org (full text, mbox, reply):

From: Thomas Goirand <zigo@debian.org>
To: Moritz Mühlenhoff <jmm@inutil.org>
Cc: team@security.debian.org, 828967@bugs.debian.org
Subject: Re: horizon / CVE-2016-4428 #828967
Date: Tue, 5 Jul 2016 21:58:58 +0200
On 07/05/2016 07:37 PM, Moritz Mühlenhoff wrote:
> On Wed, Jun 29, 2016 at 03:50:47PM +0200, Thomas Goirand wrote:
>> On 06/29/2016 11:24 AM, Moritz Muehlenhoff wrote:
>>> Hi Thomas,
>>> https://bugs.launchpad.net/bugs/1567673 has been assigned CVE-2016-4428 and I think we should fix
>>> it in jessie-security. Can you please prepare an update? unstable also needs the patch.
>>>
>>> Cheers,
>>>         Moritz
>>>
>>
>> Hi Moritz,
>>
>> I have uploaded fixes for both Sid and Experimental, and the fix for
>> Stable is committed to Git in here:
>>
>> http://anonscm.debian.org/cgit/openstack/horizon.git/commit/?h=debian/icehouse&id=d74e751ce93f03240f3ad4206e93d6e7e05da55f
>>
>> Since you may prefer a diff to read from your mail client, I have
>> attached it to this message.
> 
> Why do you upload something different than the debdiff you sent?
> 
> jessie has 2014.1.3-7, and what you uploaded includes an additional
> fix which was never on security.debian.org:
> 
>> horizon (2014.1.3-7+deb8u1) jessie-security; urgency=high
>>
>>  * Fix CVE-2015-3219 with upstream patch (Closes: 788306).
>>
>> -- Thomas Goirand <zigo@debian.org>  Wed, 10 Jun 2015 16:18:34 +0200
> 
> Cheers,
>         Moritz

Moritz,

I would still like both fixes to be included in the update. I'm sorry if
the first one didn't make it yet through proposed-updates, it's probably
my fault if it didn't.

If you wish me to squash version 2014.1.3-7+deb8u1 and 2014.1.3-7+deb8u2
into a single version, please let me know, but I don't think it's very
useful to do so.

Cheers,

Thomas Goirand (zigo)




Information forwarded to debian-bugs-dist@lists.debian.org, PKG OpenStack <openstack-devel@lists.alioth.debian.org>:
Bug#828967; Package src:horizon. (Tue, 05 Jul 2016 20:06:03 GMT) (full text, mbox, link).


Acknowledgement sent to Thomas Goirand <zigo@debian.org>:
Extra info received and forwarded to list. Copy sent to PKG OpenStack <openstack-devel@lists.alioth.debian.org>. (Tue, 05 Jul 2016 20:06:03 GMT) (full text, mbox, link).


Message #46 received at 828967@bugs.debian.org (full text, mbox, reply):

From: Thomas Goirand <zigo@debian.org>
To: Moritz Mühlenhoff <jmm@inutil.org>
Cc: team@security.debian.org, 828967@bugs.debian.org
Subject: Re: horizon / CVE-2016-4428 #828967
Date: Tue, 5 Jul 2016 22:02:11 +0200
[Message part 1 (text/plain, inline)]
On 07/05/2016 07:37 PM, Moritz Mühlenhoff wrote:
> On Wed, Jun 29, 2016 at 03:50:47PM +0200, Thomas Goirand wrote:
>> On 06/29/2016 11:24 AM, Moritz Muehlenhoff wrote:
>>> Hi Thomas,
>>> https://bugs.launchpad.net/bugs/1567673 has been assigned CVE-2016-4428 and I think we should fix
>>> it in jessie-security. Can you please prepare an update? unstable also needs the patch.
>>>
>>> Cheers,
>>>         Moritz
>>>
>>
>> Hi Moritz,
>>
>> I have uploaded fixes for both Sid and Experimental, and the fix for
>> Stable is committed to Git in here:
>>
>> http://anonscm.debian.org/cgit/openstack/horizon.git/commit/?h=debian/icehouse&id=d74e751ce93f03240f3ad4206e93d6e7e05da55f
>>
>> Since you may prefer a diff to read from your mail client, I have
>> attached it to this message.
> 
> Why do you upload something different than the debdiff you sent?
> 
> jessie has 2014.1.3-7, and what you uploaded includes an additional
> fix which was never on security.debian.org:
> 
>> horizon (2014.1.3-7+deb8u1) jessie-security; urgency=high
>>
>>  * Fix CVE-2015-3219 with upstream patch (Closes: 788306).
>>
>> -- Thomas Goirand <zigo@debian.org>  Wed, 10 Jun 2015 16:18:34 +0200
> 
> Cheers,
>         Moritz

Attached the output of:
git diff -u -r debian/2014.1.3-7 \
	>horizon_2014.1.3-7_to_2014.1.3-7+deb8u2.diff

Can you review that instead of the previous diff?

Cheers,

Thomas Goirand (zigo)

[horizon_2014.1.3-7_to_2014.1.3-7+deb8u2.diff (text/x-diff, attachment)]

Information forwarded to debian-bugs-dist@lists.debian.org, PKG OpenStack <openstack-devel@lists.alioth.debian.org>:
Bug#828967; Package src:horizon. (Tue, 05 Jul 2016 20:47:03 GMT) (full text, mbox, link).


Acknowledgement sent to Moritz Mühlenhoff <jmm@inutil.org>:
Extra info received and forwarded to list. Copy sent to PKG OpenStack <openstack-devel@lists.alioth.debian.org>. (Tue, 05 Jul 2016 20:47:03 GMT) (full text, mbox, link).


Message #51 received at 828967@bugs.debian.org (full text, mbox, reply):

From: Moritz Mühlenhoff <jmm@inutil.org>
To: Thomas Goirand <zigo@debian.org>
Cc: team@security.debian.org, 828967@bugs.debian.org
Subject: Re: horizon / CVE-2016-4428 #828967
Date: Tue, 5 Jul 2016 22:42:45 +0200
On Tue, Jul 05, 2016 at 09:58:58PM +0200, Thomas Goirand wrote:
> On 07/05/2016 07:37 PM, Moritz Mühlenhoff wrote:
> > On Wed, Jun 29, 2016 at 03:50:47PM +0200, Thomas Goirand wrote:
> >> On 06/29/2016 11:24 AM, Moritz Muehlenhoff wrote:
> >>> Hi Thomas,
> >>> https://bugs.launchpad.net/bugs/1567673 has been assigned CVE-2016-4428 and I think we should fix
> >>> it in jessie-security. Can you please prepare an update? unstable also needs the patch.
> >>>
> >>> Cheers,
> >>>         Moritz
> >>>
> >>
> >> Hi Moritz,
> >>
> >> I have uploaded fixes for both Sid and Experimental, and the fix for
> >> Stable is committed to Git in here:
> >>
> >> http://anonscm.debian.org/cgit/openstack/horizon.git/commit/?h=debian/icehouse&id=d74e751ce93f03240f3ad4206e93d6e7e05da55f
> >>
> >> Since you may prefer a diff to read from your mail client, I have
> >> attached it to this message.
> > 
> > Why do you upload something different than the debdiff you sent?
> > 
> > jessie has 2014.1.3-7, and what you uploaded includes an additional
> > fix which was never on security.debian.org:
> > 
> >> horizon (2014.1.3-7+deb8u1) jessie-security; urgency=high
> >>
> >>  * Fix CVE-2015-3219 with upstream patch (Closes: 788306).
> >>
> >> -- Thomas Goirand <zigo@debian.org>  Wed, 10 Jun 2015 16:18:34 +0200
> > 
> > Cheers,
> >         Moritz
> 
> Moritz,
> 
> I would still like both fixes to be included in the update. I'm sorry if
> the first one didn't make it yet through proposed-updates, it's probably
> my fault if it didn't.
> 
> If you wish me to squash version 2014.1.3-7+deb8u1 and 2014.1.3-7+deb8u2
> into a single version, please let me know, but I don't think it's very
> useful to do so.

No, let's ship both fixes, then. No need for a new upload. I'll review
the changes tomorrow and deal with the DSA.

Cheers,
        Moritz



Reply sent to Thomas Goirand <zigo@debian.org>:
You have taken responsibility. (Thu, 07 Jul 2016 16:51:08 GMT) (full text, mbox, link).


Notification sent to Thomas Goirand <zigo@debian.org>:
Bug acknowledged by developer. (Thu, 07 Jul 2016 16:51:08 GMT) (full text, mbox, link).


Message #56 received at 828967-close@bugs.debian.org (full text, mbox, reply):

From: Thomas Goirand <zigo@debian.org>
To: 828967-close@bugs.debian.org
Subject: Bug#828967: fixed in horizon 2014.1.3-7+deb8u2
Date: Thu, 07 Jul 2016 16:47:11 +0000
Source: horizon
Source-Version: 2014.1.3-7+deb8u2

We believe that the bug you reported is fixed in the latest version of
horizon, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 828967@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Thomas Goirand <zigo@debian.org> (supplier of updated horizon package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Wed, 29 Jun 2016 15:24:16 +0200
Source: horizon
Binary: python-django-horizon openstack-dashboard openstack-dashboard-apache
Architecture: source all
Version: 2014.1.3-7+deb8u2
Distribution: jessie-security
Urgency: medium
Maintainer: PKG OpenStack <openstack-devel@lists.alioth.debian.org>
Changed-By: Thomas Goirand <zigo@debian.org>
Description:
 openstack-dashboard - OpenStack Dashboard
 openstack-dashboard-apache - OpenStack Dashboard - Apache support
 python-django-horizon - Django module providing web interaction with OpenStack
Closes: 828967
Changes:
 horizon (2014.1.3-7+deb8u2) jessie-security; urgency=medium
 .
   * CVE-2016-4428: Possible client side template injection in horizon. Applied
     upstream patch: "Escape angularjs templating in unsafe HTML" after rebasing
     it for Icehouse (Closes: #828967).
Checksums-Sha1:
 bca8f544a492726b8f5ed412b3b4fd289a8827aa 3230 horizon_2014.1.3-7+deb8u2.dsc
 a3b66f292914a0db422ecf6f3ede62ca63f22422 1674520 horizon_2014.1.3.orig.tar.xz
 e9de826b0de2653e0175b8448ce7aba5baa86287 20736 horizon_2014.1.3-7+deb8u2.debian.tar.xz
 ad540e5fae181b6b8047e367b51b108c0173e96f 1647012 python-django-horizon_2014.1.3-7+deb8u2_all.deb
 e8517c9fcc6e40652347a1e6bbc18d6a4326d276 1098502 openstack-dashboard_2014.1.3-7+deb8u2_all.deb
 a3f5d7178769d33acb4de76ce87704df50e7523a 11080 openstack-dashboard-apache_2014.1.3-7+deb8u2_all.deb
Checksums-Sha256:
 abae47d857d8ac7fcc4e70019379c8edba9e9440200f68c06c384b84bb2b6f56 3230 horizon_2014.1.3-7+deb8u2.dsc
 3d96888711bb8318970d35b970995e0dc44209523c4b00eed5a2da7e6e96216e 1674520 horizon_2014.1.3.orig.tar.xz
 b145e04ace5c605cecc78377be27e2cf973826c6e4eb1f94f1656c44ab3f830f 20736 horizon_2014.1.3-7+deb8u2.debian.tar.xz
 219535c49caf9dc09828fb0fc43382e4674a23d95417a64ef4ec36d24e35a45f 1647012 python-django-horizon_2014.1.3-7+deb8u2_all.deb
 b1d8411376493d15260a575c145e41eb4acb47b0068355df82a0adb75227730b 1098502 openstack-dashboard_2014.1.3-7+deb8u2_all.deb
 cd4daa8e7a7e4571d7b371e57f0a415cd282f18e744cc8f5523a23479da82c30 11080 openstack-dashboard-apache_2014.1.3-7+deb8u2_all.deb
Files:
 3c7df2af4a5014f8c97904bfd6a23d8d 3230 net extra horizon_2014.1.3-7+deb8u2.dsc
 0b7f01a3e3e6a4c1ce6b9f69aad24732 1674520 net extra horizon_2014.1.3.orig.tar.xz
 32c4f3259ef6d1a0fed281ea25f7e7e5 20736 net extra horizon_2014.1.3-7+deb8u2.debian.tar.xz
 bd3321f691af1067f6f6087fb9bd5d72 1647012 python extra python-django-horizon_2014.1.3-7+deb8u2_all.deb
 af4b6f27fc1ffebfb1f1f1f524cb41ff 1098502 net extra openstack-dashboard_2014.1.3-7+deb8u2_all.deb
 b5957f558b2421bb90f7ba79493e1846 11080 net extra openstack-dashboard-apache_2014.1.3-7+deb8u2_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJXeAo/AAoJENQWrRWsa0P+XC8P/1jqg8C4lIYYgqPm7sbVeHjx
sr/QqxwSml9uROhjSv9e3nxCeQved9vEtNgV3iXdhBnwXwnUG/6AM4zNm0agQLn6
RMPYs3MNezP1Yuc2vvQn18Z8X4DVWzbsNHX/kb3L+KtLJayIroEj/ig+wfPaVfqG
5r+k3RwSunpYfa1llxVFWmrQFm3D+WlDSmRcfnms/GHBdQTBUXISQqcjmOZOXUuU
UfQxz3UCl6pt9ORolQiWjGSEwQHB+p+3DVKuMu0cO65d/brynDr8Kgh+60cZuoWh
FG6q5hNYCjHERruNYvwk8W1htIp2mOKkOowR2HGYA5mbn2BiKNgqUdjEquxH5JBT
qHPKdBsOPwIukLUpErLMTojapeckvy8fdXMo42f9ipHqTJuU0Hnw8x9ztoOxz1Wq
dCM9BnxZCh/TRluxOEl0xm9Oz/D0HI/ZtY1OWrwFBwp3jPsQuL3htlPR88og45yZ
cio/SZjLgDImFH+IdEhmXShy1+YtFnebQDeKX0yn1Axsv3EHj2ivvVLrcf4kdoS7
YkGtpR5KUNG2ei+R+JZrjBpIoERym0LXbSYAsF+qLI//gIRTUcigmbwbIM51M0sz
rWTggBvA3jDS3ZC/GM2dQ23Rm8znHPVcinMeISjB0TA6oxprPHFrMQ4PJwTdbVx8
YNasBdpGdfYnhubIoKCL
=OCfq
-----END PGP SIGNATURE-----




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Fri, 05 Aug 2016 07:41:48 GMT) (full text, mbox, link).




Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 17:47:49 2019; Machine Name: buxtehude

Debian Bug tracking system

Debbugs is free software and licensed under the terms of the GNU Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.

Copyright © 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson, 2005-2017 Don Armstrong, and many other contributors.