components/openstack/horizon/patches/13-CVE-2015-3219.patch
changeset 5405 66fd59fecd68
parent 5404 55e409ba4e72
child 5406 5ac656f02914
--- a/components/openstack/horizon/patches/13-CVE-2015-3219.patch	Fri Feb 05 11:09:10 2016 -0800
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,47 +0,0 @@
-Errata patch for CVE-2015-3219
-https://bugs.launchpad.net/horizon/+bug/1453074
-
-Fixed upstream and in a future release.
--------
-From: lin-hua-cheng <[email protected]>
-Date: Mon, 1 Jun 2015 17:55:00 -0700
-Subject: [PATCH] Escape the description param from heat template
-
-The heat template allows user to define custom parameters,
-the fields are then converted to input fields. The description
-param maps to the help_text attribute of the field.
-
-Since the value comes from the user, the value must be escaped
-before rendering.
-
-Change-Id: I79d540a8363b2507c4bccdc0cc38e283962919d2
-Closes-bug: #1453074
----
- openstack_dashboard/dashboards/project/stacks/forms.py | 3 ++-
- 1 file changed, 2 insertions(+), 1 deletion(-)
-
-diff --git a/openstack_dashboard/dashboards/project/stacks/forms.py 
-b/openstack_dashboard/dashboards/project/stacks/forms.py
-index 5ee01df..ba9e141 100644
---- a/openstack_dashboard/dashboards/project/stacks/forms.py
-+++ b/openstack_dashboard/dashboards/project/stacks/forms.py
-@@ -13,6 +13,7 @@
- import json
- import logging
-
-+from django.utils import html
- from django.utils.translation import ugettext_lazy as _
- from django.views.decorators.debug import sensitive_variables  # noqa
-
-@@ -310,7 +311,7 @@ class CreateStackForm(forms.SelfHandlingForm):
-             field_args = {
-                 'initial': param.get('Default', None),
-                 'label': param.get('Label', param_key),
--                'help_text': param.get('Description', ''),
-+                'help_text': html.escape(param.get('Description', '')),
-                 'required': param.get('Default', None) is None
-             }
-
--- 
-1.9.1
-
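Review bot: the whole errata patch for CVE-2015-3219 is dropped, but nothing in this changeset shows that the Horizon source it now builds already carries the replacement, so the help_text escaping (`'help_text': html.escape(param.get('Description', ''))` plus the `from django.utils import html` import) would be silently lost if the upstream bump is missing or lands in a different changeset. The patch header itself only says "Fixed upstream and in a future release", which justifies removal only once that release is the one being packaged; please reference the upstream commit (Change-Id I79d540a8363b2507c4bccdc0cc38e283962919d2, bug #1453074) or the new component version in the commit message, and confirm that the built forms.py still escapes the heat template Description param before it is rendered as field help text, since that value is user-supplied.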