Your message dated Sat, 16 Jul 2022 21:04:35 +0000
with message-id <e1ocoxn-000e6q...@fasolo.debian.org>
and subject line Bug#999909: fixed in ckeditor 4.19.0+dfsg-1
has caused the Debian Bug report #999909,
regarding ckeditor: CVE-2021-41164 CVE-2021-41165
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
999909: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=999909
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: ckeditor
Version: 4.16.2+dfsg-1
Severity: important
Tags: security
X-Debbugs-Cc: codeh...@debian.org, Debian Security Team <t...@security.debian.org>

Hi,

The following vulnerabilities were published for ckeditor.

CVE-2021-41164[0]:
| CKEditor4 is an open source WYSIWYG HTML editor. In affected versions
| a vulnerability has been discovered in the Advanced Content Filter
| (ACF) module and may affect all plugins used by CKEditor 4. The
| vulnerability allowed to inject malformed HTML bypassing content
| sanitization, which could result in executing JavaScript code. It
| affects all users using the CKEditor 4 at version < 4.17.0. The
| problem has been recognized and patched. The fix will be available in
| version 4.17.0.


CVE-2021-41165[1]:
| CKEditor4 is an open source WYSIWYG HTML editor. In affected version a
| vulnerability has been discovered in the core HTML processing module
| and may affect all plugins used by CKEditor 4. The vulnerability
| allowed to inject malformed comments HTML bypassing content
| sanitization, which could result in executing JavaScript code. It
| affects all users using the CKEditor 4 at version < 4.17.0. The
| problem has been recognized and patched. The fix will be available in
| version 4.17.0.


If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2021-41164
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41164
[1] https://security-tracker.debian.org/tracker/CVE-2021-41165
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41165

Please adjust the affected versions in the BTS as needed.



-- System Information:
Debian Release: bookworm/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 5.14.0-4-amd64 (SMP w/16 CPU threads)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), LANGUAGE=en_GB:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

--- End Message ---
--- Begin Message ---
Source: ckeditor
Source-Version: 4.19.0+dfsg-1
Done: Yadd <y...@debian.org>

We believe that the bug you reported is fixed in the latest version of
ckeditor, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 999...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Yadd <y...@debian.org> (supplier of updated ckeditor package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 16 Jul 2022 22:23:46 +0200
Source: ckeditor
Built-For-Profiles: nocheck
Architecture: source
Version: 4.19.0+dfsg-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Javascript Maintainers <pkg-javascript-de...@lists.alioth.debian.org>
Changed-By: Yadd <y...@debian.org>
Closes: 999909
Changes:
 ckeditor (4.19.0+dfsg-1) unstable; urgency=medium
 .
   * Team upload
   * Fix debian/watch: use /tags instead of /releases
   * Declare compliance with policy 4.6.1
   * Update excluded files list
   * New upstream version (Closes: #999909, CVE-2021-41164, CVE-2021-41165)
   * Drop 0002-Remove-flash-example.patch, now included in upstream
   * Refresh patches
   * Fix build

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----

--- End Message ---
-- 
Pkg-javascript-devel mailing list
Pkg-javascript-devel@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-javascript-devel
