Processing commands for cont...@bugs.debian.org:
> tags 1042527 +upstream
Bug #1042527 [src:request-tracker5] request-tracker5: Include ckeditor
minimified
Added tag(s) upstream.
> severity 1042527 normal
Bug #1042527 [src:request-tracker5] request-tracker5: Include ckeditor
minimified
Severity
Control: tags +upstream
Control: severity normal
Resetting severity to normal, as it was a result of the FTBFS. There's
an old ckeditor version bundled by upstream. It's not confirmed if the
CVE can be exploited in RT.
Should be fixed, but not a release-critical issue.
Processing commands for cont...@bugs.debian.org:
> tags 1042527 -ftbfs
Bug #1042527 [src:request-tracker5] request-tracker5: Include ckeditor
minimified
Removed tag(s) ftbfs.
>
End of message, stopping processing here.
Please contact me if you need assistance.
--
1042527: https://bugs.debian.or
tags 1042527 -ftbfs
Hello Bastien
Upstream provides only minified JavaScript in their release
tarball, but the Debian package includes the source of the ckeditor used
within the third-party tarball
http://deb.debian.org/debian/pool/main/r/request-tracker5/request-tracker5_5.0.3+dfsg.orig-third
Source: request-tracker5
Severity: serious
Tags: ftbfs
Justification: FTBFS
Control: tags -1 + security
Dear Maintainer,
https://sources.debian.org/src/request-tracker5/5.0.3+dfsg-3/share/static/RichText/
includes an outdated ckeditor (with CVE), which is moreover minified
Could you use the packaged cke