Date:      Sat, 5 Mar 2016 20:28:58 +0000 (UTC)
From:      Ruslan Makhmatkhanov <rm@FreeBSD.org>
To:        ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org
Subject:   svn commit: r410209 - head/www/py-djblets
Message-ID:  <201603052028.u25KSw35054174@repo.freebsd.org>

Author: rm
Date: Sat Mar  5 20:28:58 2016
New Revision: 410209
URL: https://svnweb.freebsd.org/changeset/ports/410209

Log:
  www/py-djblets: update to 0.9.2
  
  Changelog [1]:
  
  Fixed a Self-XSS vulnerability in the djblets.datagrid column headers.
  
  A recently-discovered vulnerability in the datagrid templates allows an attacker
  to generate a URL to any datagrid page containing malicious code in a column
  sorting value. If the user visits that URL and then clicks that column, the code
  will execute.
  
  The cause of the vulnerability was due to a template not escaping user-provided
  values.
  
  This vulnerability was reported by Jose Carlos Exposito Bueno (0xlabs).
  
  [1] https://www.reviewboard.org/docs/releasenotes/djblets/0.9.2/
  
  With hat:		python

Modified:
  head/www/py-djblets/Makefile
  head/www/py-djblets/distinfo

Modified: head/www/py-djblets/Makefile
==============================================================================
--- head/www/py-djblets/Makefile	Sat Mar  5 20:10:34 2016	(r410208)
+++ head/www/py-djblets/Makefile	Sat Mar  5 20:28:58 2016	(r410209)
@@ -1,7 +1,7 @@
 # $FreeBSD$
 
 PORTNAME=	djblets
-PORTVERSION=	0.9.1
+PORTVERSION=	0.9.2
 CATEGORIES=	www python
 MASTER_SITES=	CHEESESHOP
 PKGNAMEPREFIX=	${PYTHON_PKGNAMEPREFIX}
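Review bot: The PORTVERSION bump from 0.9.1 to 0.9.2 carries a Self-XSS fix, but the log has no Security: or MFH: line and this commit touches only Makefile and distinfo, so nothing in it marks 0.9.1 as vulnerable for pkg audit or gets the fix to users on the quarterly branch. Suggest adding a security/vuxml entry covering djblets versions before 0.9.2 and requesting a merge to the current quarterly branch, with both tags recorded in the commit log.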

Modified: head/www/py-djblets/distinfo
==============================================================================
--- head/www/py-djblets/distinfo	Sat Mar  5 20:10:34 2016	(r410208)
+++ head/www/py-djblets/distinfo	Sat Mar  5 20:28:58 2016	(r410209)
@@ -1,2 +1,2 @@
-SHA256 (Djblets-0.9.1.tar.gz) = f0801b3b9b48b493ed70a389e917747fcca9e827a2a31ff7c7213ec72ad66b5d
-SIZE (Djblets-0.9.1.tar.gz) = 332720
+SHA256 (Djblets-0.9.2.tar.gz) = 9df3db467ccc427d85f8a2f929557a884f9149fd32a96765c8854b1463a193f6
+SIZE (Djblets-0.9.2.tar.gz) = 332675
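Review bot: On the +SHA256 line, the new digest is the only thing pinning Djblets-0.9.2.tar.gz as fetched from MASTER_SITES=CHEESESHOP, and the log does not say it was compared with anything other than the file that was downloaded. For a security release it is worth checking the value against the digest upstream publishes for the same tarball and saying so in the log.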


