-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Thomas Goirand uploaded new packages for horizon which fixed the
following security problem:

CVE-2015-3988:
  Sunil Yadav from IBM Security Services reported a persistent XSS in
  Horizon. An authenticated user may conduct a persistent XSS attack by
  setting a malicious metadata to a Glance image, a Nova flavor or a
  Host Aggregate and tricking an administrator to load the update
  metadata page. Once executed in a legitimate context this attack may
  result in a privilege escalation.

For the jessie-backports distribution the problems have been fixed in
2015.1.0-2~bpo8+1.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJVZCO3AAoJEPGmQ7akrBn8ZpUP/0wjrxnfZIQRCU6eKtqiOw81
XnEOLBiMj04yI0zVUGX99M6kob1pICU3E+yTE2c78ryalWzHkdEoJ85zbWeeP5HS
pNHOexRalYKIz/kdUeuTvkoTFVvUyR2G51OSEDU5vXcw+YHEkhxbKPZUlc++cqm8
f/Qj10Al7HHthcC1guxUhL9gQXq28rEf8Iswok4/QUS/GI7fQea9aljFd8mKjXYm
0kzNiGNP3jfIg5JdI8//YV7er0eux00uFtSID3/iIYynzXttDw/Yn5HWfHxq/oRY
17MxehOULQIQVOLOQ