Your message dated Tue, 17 Aug 2021 09:19:26 +0000
with message-id <[email protected]>
and subject line Bug#992292: fixed in ckeditor 4.16.2+dfsg-1
has caused the Debian Bug report #992292,
regarding ckeditor: CVE-2021-32808
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
992292: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=992292
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: ckeditor
Version: 4.16.0+dfsg-2
Severity: important
Tags: security upstream
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>

Hi,

The following vulnerability was published for ckeditor.

CVE-2021-32808[0]:
| ckeditor is an open source WYSIWYG HTML editor with rich content
| support. A vulnerability has been discovered in the clipboard Widget
| plugin if used alongside the undo feature. The vulnerability allows a
| user to abuse undo functionality using malformed widget HTML, which
| could result in executing JavaScript code. It affects all users using
| the CKEditor 4 plugins listed above at version >= 4.13.0. The
| problem has been recognized and patched. The fix will be available in
| version 4.16.2.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2021-32808
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32808
[1] https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-6226-h7ff-ch6c

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: ckeditor
Source-Version: 4.16.2+dfsg-1
Done: Yadd <[email protected]>

We believe that the bug you reported is fixed in the latest version of
ckeditor, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Yadd <[email protected]> (supplier of updated ckeditor package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 17 Aug 2021 10:28:49 +0200
Source: ckeditor
Architecture: source
Version: 4.16.2+dfsg-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Javascript Maintainers <[email protected]>
Changed-By: Yadd <[email protected]>
Closes: 992290 992291 992292
Changes:
 ckeditor (4.16.2+dfsg-1) unstable; urgency=medium
 .
   * Team upload
 .
   [ lintian-brush ]
   * Use secure URI in Homepage field.
 .
   [ Yadd ]
   * New upstream version 4.16.2 (Closes: #992290, 992291, 992292,
     CVE-2021-37695, CVE-2021-32809, CVE-2021-32808)
   * Remove CVE-2021-33829.patch now included in upstream
   * Update lintian overrides

--- End Message ---
