Bug#1042527: [request-tracker-maintainers] Bug#1042527: request-tracker5: Include ckeditor minimified

2023-08-09 Thread Ángel
Control: tags +upstream Control: severity normal Resetting severity to normal, as it was a result of the FTBFS. There's an old ckeditor version bundled by upstream. It's not confirmed if the CVE can be exploited in RT. Should be fixed, but not a release-critical issue.

Bug#1042527: [request-tracker-maintainers] Bug#1042527: request-tracker5: Include ckeditor minimified

2023-08-01 Thread Ángel
tags 1042527 -ftbfs Hello Bastien Upstream does provide only a minified javascript in their release tarball, but Debian package includes the source of the ckeditor used within the third-party tarball http://deb.debian.org/debian/pool/main/r/request-tracker5/request-tracker5_5.0.3+dfsg.orig-third

Bug#1042527: request-tracker5: Include ckeditor minimified

2023-07-29 Thread Bastien Roucariès
Source: request-tracker5 Severity: serious Tags: ftbfs Justification: FTBFS Control: tags -1 + security Dear Maintainer, https://sources.debian.org/src/request- tracker5/5.0.3+dfsg-3/share/static/RichText/ include ckeditor outdated (with CVE) and moreover minified Could you use the packaged cke