This XSS issue was resolved/released in 0.9.10-jenkins-29 so the package in Debian already contains the fix for this security issue.
Apologies - I should have detailed this in the changelog entry. Cheers James -- James Page Ubuntu Core Developer -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org