Thomas Goirand uploaded new packages for horizon which fixed the following security problem:
CVE-2015-3988: Sunil Yadav from IBM Security Services reported a persistent XSS in Horizon. An authenticated user may conduct a persistent XSS attack by setting a malicious metadata to a Glance image, a Nova flavor or a Host Aggregate and tricking an administrator to load the update metadata page. Once executed in a legitimate context this attack may result in a privilege escalation.
For the jessie-backports distribution the problems have been fixed in 2015.1.0-2~bpo8+1.