K 10
svn:author
V 2
rm
K 8
svn:date
V 27
2016-03-05T20:28:58.498030Z
K 7
svn:log
V 621
www/py-djblets: update to 0.9.2

Changelog [1]:

Fixed a Self-XSS vulnerability in the djblets.datagrid column headers.

A recently-discovered vulnerability in the datagrid templates allows an attacker
to generate a URL to any datagrid page containing malicious code in a column
sorting value. If the user visits that URL and then clicks that column, the code
will execute.

The cause of the vulnerability was due to a template not escaping user-provided
values.

This vulnerability was reported by Jose Carlos Exposito Bueno (0xlabs).

[1] https://www.reviewboard.org/docs/releasenotes/djblets/0.9.2/

With hat:		python

END