svn commit: r410209 - head/www/py-djblets
Ruslan Makhmatkhanov
rm at FreeBSD.org
Sat Mar 5 20:29:00 UTC 2016
Author: rm
Date: Sat Mar 5 20:28:58 2016
New Revision: 410209
URL: https://svnweb.freebsd.org/changeset/ports/410209
Log:
www/py-djblets: update to 0.9.2
Changelog [1]:
Fixed a Self-XSS vulnerability in the djblets.datagrid column headers.
A recently-discovered vulnerability in the datagrid templates allows an attacker
to generate a URL to any datagrid page containing malicious code in a column
sorting value. If the user visits that URL and then clicks that column, the code
will execute.
The cause of the vulnerability was due to a template not escaping user-provided
values.
This vulnerability was reported by Jose Carlos Exposito Bueno (0xlabs).
[1] https://www.reviewboard.org/docs/releasenotes/djblets/0.9.2/
With hat: python
Modified:
head/www/py-djblets/Makefile
head/www/py-djblets/distinfo
Modified: head/www/py-djblets/Makefile
==============================================================================
--- head/www/py-djblets/Makefile Sat Mar 5 20:10:34 2016 (r410208)
+++ head/www/py-djblets/Makefile Sat Mar 5 20:28:58 2016 (r410209)
@@ -1,7 +1,7 @@
# $FreeBSD$
PORTNAME= djblets
-PORTVERSION= 0.9.1
+PORTVERSION= 0.9.2
CATEGORIES= www python
MASTER_SITES= CHEESESHOP
PKGNAMEPREFIX= ${PYTHON_PKGNAMEPREFIX}
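Review bot: the PORTVERSION change from 0.9.1 to 0.9.2 delivers a security fix (the Self-XSS in the datagrid column headers described in the log), but the commit log carries no MFH: or Security: line, so nothing visible here schedules a merge to the quarterly branch or ties the update to a vuxml entry. Suggest adding those tags and documenting 0.9.1 and earlier as affected, so that users on the quarterly branch get the fix and package audits flag 0.9.1.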
Modified: head/www/py-djblets/distinfo
==============================================================================
--- head/www/py-djblets/distinfo Sat Mar 5 20:10:34 2016 (r410208)
+++ head/www/py-djblets/distinfo Sat Mar 5 20:28:58 2016 (r410209)
@@ -1,2 +1,2 @@
-SHA256 (Djblets-0.9.1.tar.gz) = f0801b3b9b48b493ed70a389e917747fcca9e827a2a31ff7c7213ec72ad66b5d
-SIZE (Djblets-0.9.1.tar.gz) = 332720
+SHA256 (Djblets-0.9.2.tar.gz) = 9df3db467ccc427d85f8a2f929557a884f9149fd32a96765c8854b1463a193f6
+SIZE (Djblets-0.9.2.tar.gz) = 332675
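Review bot: the new SHA256 and SIZE lines for Djblets-0.9.2.tar.gz are the only integrity anchor for the tarball fetched from CHEESESHOP, and a regenerated distinfo records whatever file was downloaded at the time. For a security update, confirm the digest against the value upstream publishes for the 0.9.2 release before relying on it, and say in the log that this was done.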