Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker
Commits: 9a55e943 by Sylvain Beucler at 2022-05-21T09:50:59+02:00 ckeditor3: link related ckeditor CVEs See https://lists.debian.org/debian-lts/2022/05/msg00018.html - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -18414,6 +18414,8 @@ CVE-2022-24728 (CKEditor4 is an open source what-you-see-is-what-you-get HTML ed - ckeditor <unfixed> NOTE: https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-4fc4-4p5g-6w89 NOTE: https://github.com/ckeditor/ckeditor4/commit/d158413449692d920a778503502dcb22881bc949 (4.18.0) + NOTE: MITRE's referenced patch (above) does not seem related + - ckeditor3 <unfixed> CVE-2022-24727 REJECTED CVE-2022-24726 (Istio is an open platform to connect, manage, and secure microservices ...) @@ -45269,12 +45271,14 @@ CVE-2021-41165 (CKEditor4 is an open source WYSIWYG HTML editor. In affected ver [buster] - ckeditor <no-dsa> (Minor issue) [stretch] - ckeditor <no-dsa> (Minor issue) NOTE: https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-7h26-63m7-qhf2 (v4.17.0) + - ckeditor3 <unfixed> CVE-2021-41164 (CKEditor4 is an open source WYSIWYG HTML editor. In affected versions ...) - ckeditor <unfixed> (bug #999909) [bullseye] - ckeditor <no-dsa> (Minor issue) [buster] - ckeditor <no-dsa> (Minor issue) [stretch] - ckeditor <no-dsa> (Minor issue) NOTE: https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-pvmx-g8h5-cprj (v4.17.0) + - ckeditor3 <not-affected> (Advanced Content Filter introduced in v4.1) CVE-2021-41163 (Discourse is an open source platform for community discussion. In affe ...) NOT-FOR-US: Discourse CVE-2021-41162 (Combodo iTop is a web based IT Service Management tool. In 3.0.0 beta ...) 
@@ -54191,6 +54195,7 @@ CVE-2021-37695 (ckeditor is an open source WYSIWYG HTML editor with rich content [buster] - ckeditor <no-dsa> (Minor issue) NOTE: https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-m94c-37g6-cjhc NOTE: https://github.com/ckeditor/ckeditor4/commit/de3c001540715f9c3801aaa38a1917de46cfcf58 + - ckeditor3 <unfixed> CVE-2021-37694 (@asyncapi/java-spring-cloud-stream-template generates a Spring Cloud S ...) NOT-FOR-US: @asyncapi/java-spring-cloud-stream-template CVE-2021-37693 (Discourse is an open-source platform for community discussion. In Disc ...) @@ -63333,6 +63338,7 @@ CVE-2021-33829 (A cross-site scripting (XSS) vulnerability in the HTML Data Proc [buster] - ckeditor <no-dsa> (Minor issue) NOTE: https://ckeditor.com/blog/ckeditor-4.16.1-with-accessibility-enhancements/#improvements-for-comments-in-html-parser NOTE: https://github.com/ckeditor/ckeditor4/commit/3e426ce34f7fc7bf784624358831ef9e189bb6ed + - ckeditor3 <unfixed> CVE-2021-33828 (The files_antivirus component before 1.0.0 for ownCloud mishandles the ...) - owncloud <removed> CVE-2021-33827 (The files_antivirus component before 1.0.0 for ownCloud allows OS Comm ...) @@ -82965,6 +82971,7 @@ CVE-2021-26272 (It was possible to execute a ReDoS-type attack inside CKEditor 4 [stretch] - ckeditor <postponed> (Fix along next DLA) NOTE: https://github.com/ckeditor/ckeditor4/blob/major/CHANGES.md#ckeditor-416 NOTE: https://github.com/ckeditor/ckeditor4/commit/467cc95b666d65ba9dc84c05dd760a00395a353a (4.16.0) + - ckeditor3 <not-affected> (autolink plugin introduced in v4.5) CVE-2021-26271 (It was possible to execute a ReDoS-type attack inside CKEditor 4 befor ...) - ckeditor 4.16.0+dfsg-1 (bug #982587) [buster] - ckeditor <no-dsa> (Minor issue) 
@@ -242286,6 +242293,7 @@ CVE-2018-17960 (CKEditor 4.x before 4.11.0 allows user-assisted XSS involving a - ckeditor 4.11.1+dfsg-1 (low) [stretch] - ckeditor <ignored> (Minor issue, XSS through direct copy/paste by victim, no identified patch) [jessie] - ckeditor <ignored> (Minor issue) + - ckeditor3 <unfixed> (low) - fckeditor <removed> CVE-2018-17959 RESERVED @@ -411026,6 +411034,9 @@ CVE-2014-5191 (Cross-site scripting (XSS) vulnerability in the Preview plugin be - ckeditor 4.4.4+dfsg1-1 (bug #760736) [wheezy] - ckeditor <not-affected> (Preview plugin not yet present) [squeeze] - ckeditor <not-affected> (Preview plugin not yet present) + - ckeditor3 <unfixed> + NOTE: https://dev.ckeditor.com/browser/CKEditor/trunk/_source/plugins/preview/preview.html?rev=7706 (v3.6.x) + NOTE: https://github.com/ckeditor/ckeditor4/commit/b685874c6bc873a76e6e95916c43840a2b7ab08a (v4.4.3) CVE-2014-5190 (Cross-site scripting (XSS) vulnerability in captcha-secureimage/test/i ...) NOT-FOR-US: WordPress plugin SI CAPTCHA Anti-Spam CVE-2014-5189 (SQL injection vulnerability in lib/optin/optin_page.php in the Lead Oc ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9a55e943bca823e36337c8b47cd65adcf0405fd4
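Review bot: in the CVE-2022-24728 hunk, the new NOTE "MITRE's referenced patch (above) does not seem related" contradicts the "(4.18.0)" tag that still presents commit d158413449692d920a778503502dcb22881bc949 as the fix; either drop that version tag or reword the NOTE to say that 4.18.0 comes from advisory GHSA-4fc4-4p5g-6w89 rather than from the commit, so a reader knows which reference to trust. The added "- ckeditor3 <unfixed>" also carries no rationale or severity, unlike the "(Advanced Content Filter introduced in v4.1)" and "(low)" forms used for ckeditor3 further down in the same patch.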
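Review bot: in the CVE-2021-41165 / CVE-2021-41164 hunk, the "- ckeditor3 <unfixed>" line under CVE-2021-41165 has no severity tag even though every ckeditor entry beside it is "(Minor issue)"; adding "(low)" as the CVE-2018-17960 hunk does for ckeditor3 would keep the 3.x entries consistent for triage. The "<not-affected> (Advanced Content Filter introduced in v4.1)" line under CVE-2021-41164 is the right shape and could serve as the model.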
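Review bot: in the CVE-2021-37695 hunk, "- ckeditor3 <unfixed>" is added without saying whether the linked fix commit de3c001540715f9c3801aaa38a1917de46cfcf58 is applicable to the 3.x code base or whether the affected code exists there at all; a short parenthetical, or a NOTE pointing at the 3.x source as the CVE-2014-5191 hunk does with a dev.ckeditor.com revision, would make the unfixed status actionable for whoever picks it up.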
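Review bot: in the CVE-2014-5191 hunk, the "(v4.4.3)" tag on commit b685874c6bc873a76e6e95916c43840a2b7ab08a reads inconsistently with the ckeditor fix line "4.4.4+dfsg1-1" and with the convention elsewhere in this file, where the tag after a commit names the release carrying the fix (e.g. "(4.18.0)", "(v4.17.0)"); please state whether v4.4.3 is the last affected release or the one containing the commit. Also, the new NOTE shows the Preview plugin present in the 3.6.x source (rev=7706) while the unchanged [wheezy] and [squeeze] ckeditor lines say "Preview plugin not yet present"; a note on which 3.x release introduced the plugin would reconcile the two and justify the new "<unfixed>" for ckeditor3.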
debian-security-tracker-commits mailing list: https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
