Your message dated Tue, 17 Aug 2021 09:19:26 +0000
with message-id <e1mfvfm-000gde...@fasolo.debian.org>
and subject line Bug#992291: fixed in ckeditor 4.16.2+dfsg-1
has caused the Debian Bug report #992291,
regarding ckeditor: CVE-2021-32809
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
992291: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=992291
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: ckeditor
Version: 4.16.0+dfsg-2
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>
Control: found -1 4.11.1+dfsg-1

Hi,

The following vulnerability was published for ckeditor.

CVE-2021-32809[0]:
| ckeditor is an open source WYSIWYG HTML editor with rich content
| support. A potential vulnerability has been discovered in CKEditor 4
| [Clipboard](https://ckeditor.com/cke4/addon/clipboard) package. The
| vulnerability allowed to abuse paste functionality using malformed
| HTML, which could result in injecting arbitrary HTML into the editor.
| It affects all users using the CKEditor 4 plugins listed above at
| version >= 4.5.2. The problem has been recognized and patched. The
| fix will be available in version 4.16.2.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2021-32809
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32809
[1] https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-7889-rm5j-hpgg

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: ckeditor
Source-Version: 4.16.2+dfsg-1
Done: Yadd <y...@debian.org>
We believe that the bug you reported is fixed in the latest version of
ckeditor, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 992...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Yadd <y...@debian.org> (supplier of updated ckeditor package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Tue, 17 Aug 2021 10:28:49 +0200
Source: ckeditor
Architecture: source
Version: 4.16.2+dfsg-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Javascript Maintainers <pkg-javascript-de...@lists.alioth.debian.org>
Changed-By: Yadd <y...@debian.org>
Closes: 992290 992291 992292
Changes:
 ckeditor (4.16.2+dfsg-1) unstable; urgency=medium
 .
   * Team upload
 .
   [ lintian-brush ]
   * Use secure URI in Homepage field.
 .
   [ Yadd ]
   * New upstream version 4.16.2 (Closes: #992290, 992291, 992292,
     CVE-2021-37695, CVE-2021-32809, CVE-2021-32808)
   * Remove CVE-2021-33829.patch now included in upstream
   * Update lintian overrides
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---
--
Pkg-javascript-devel mailing list
Pkg-javascript-devel@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-javascript-devel