RHSA-2016:1272
History: Jun 21, 2016 - 10:20 p.m.

(RHSA-2016:1272) Important: python-django-horizon security, bug fix, and enhancement update

2016-06-21 22:20:43
access.redhat.com
7

EPSS: 0.001 (Low), Percentile: 41.8%

OpenStack Dashboard (Horizon) provides administrators and users with a
graphical interface to access, provision, and automate cloud-based
resources.

The following packages have been upgraded to a newer upstream version:
python-django-horizon: 2015.1.4 (BZ#1345822)

Security Fix(es):

  • A DOM-based cross-site scripting vulnerability was found in the
    OpenStack dashboard, where user input was not filtered correctly. An
    authenticated dashboard user could exploit the flaw by injecting an
    AngularJS template into a dashboard form (for example, using an image’s
    description); the template was then evaluated when another user browsed
    the affected page. This flaw could result in user accounts being
    compromised (for example, user-access credentials being stolen).
    (CVE-2016-4428)
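The flaw above is an AngularJS client-side template injection: a string a user stores in a form field (an image description) is later placed into a DOM that Angular compiles, so any `{{ ... }}` interpolation markers in it are evaluated as expressions in the browser of whoever views the page. The following is an added example, not code from the advisory or from the Horizon project, showing the server-side check a defender can apply to such fields as defense in depth: it finds interpolation markers in submitted text, breaks the delimiter pairs so the text renders literally, and audits already-stored descriptions for the same markers. It assumes AngularJS's default `{{` / `}}` delimiters (the advisory does not name them) and uses constructed sample descriptions; the function and field names are hypothetical.

```python
import re
from typing import Dict, List, Tuple

# Assumption (not stated in the advisory): AngularJS's default interpolation
# delimiters are "{{" and "}}". A non-greedy match keeps each span separate.
ANGULAR_INTERPOLATION = re.compile(r"\{\{.*?\}\}", re.DOTALL)


def find_angular_interpolations(text: str) -> List[str]:
    """Return every '{{ ... }}' span found in user-supplied text."""
    return ANGULAR_INTERPOLATION.findall(text)


def neutralize_angular_interpolation(text: str) -> str:
    """Break the delimiter pairs so an Angular-compiled DOM renders the text
    literally. A space between the braces survives HTML escaping; an HTML
    entity such as '&#123;' would not help, because the browser decodes it
    back into '{' in the text node before Angular compiles the page."""
    return text.replace("{{", "{ {").replace("}}", "} }")


def is_safe_description(text: str, max_len: int = 255) -> bool:
    """Hypothetical validator for a Horizon image-description field:
    reject over-long text and anything carrying interpolation markers."""
    if len(text) > max_len:
        return False
    return not find_angular_interpolations(text)


def validate_description(text: str, max_len: int = 255) -> str:
    """Raise ValueError on an unsafe description, otherwise return it unchanged,
    so callers can use it like a Django form clean_<field> hook (assumed usage)."""
    if len(text) > max_len:
        raise ValueError("description exceeds %d characters" % max_len)
    spans = find_angular_interpolations(text)
    if spans:
        raise ValueError("description contains template markers: %r" % spans)
    return text


def audit_descriptions(records: Dict[str, str]) -> List[Tuple[str, List[str]]]:
    """Scan stored descriptions (image id -> description) and report the ids
    whose text already carries interpolation markers, with the spans found.
    Useful for finding data written before the fixed dashboard was deployed."""
    findings = []
    for image_id, description in records.items():
        spans = find_angular_interpolations(description)
        if spans:
            findings.append((image_id, spans))
    return findings


# Constructed sample data: two image descriptions, one carrying a marker.
SAMPLE_DESCRIPTIONS = {
    "img-0001": "Ubuntu 16.04 base image, cloud-init enabled",
    "img-0002": "Build {{ description }} for the QA tenant",
}

if __name__ == "__main__":
    for image_id, spans in audit_descriptions(SAMPLE_DESCRIPTIONS):
        print("%s: interpolation markers found: %s" % (image_id, spans))
        print("  neutralized: %r" % neutralize_angular_interpolation(SAMPLE_DESCRIPTIONS[image_id]))
```

The validator belongs at the point where the description enters the system, while the audit is for data that was stored before the corrected dashboard was rolled out; neither replaces the upstream fix, which stops the dashboard from compiling user data as a template in the first place.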

Red Hat would like to thank the OpenStack project for reporting this issue.
Upstream acknowledges Beth Lancaster (Virginia Tech) and Brandon Sawyers
(Virginia Tech) as the original reporters.