Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b4933652 by Sylvain Beucler at 2022-05-21T10:38:20+02:00
ckeditor3: link related ckeditor CVEs
follow-up to 9a55e943bca823e36337c8b47cd65adcf0405fd4

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -18412,13 +18412,14 @@ CVE-2022-24730 (Argo CD is a declarative, GitOps 
continuous delivery tool for Ku
        NOT-FOR-US: Argo CD
 CVE-2022-24729 (CKEditor4 is an open source what-you-see-is-what-you-get HTML 
editor.  ...)
        - ckeditor <unfixed>
+       - ckeditor3 <unfixed>
        NOTE: 
https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-f6rf-9m92-x2hh
 CVE-2022-24728 (CKEditor4 is an open source what-you-see-is-what-you-get HTML 
editor.  ...)
        - ckeditor <unfixed>
+       - ckeditor3 <unfixed>
        NOTE: 
https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-4fc4-4p5g-6w89
        NOTE: 
https://github.com/ckeditor/ckeditor4/commit/d158413449692d920a778503502dcb22881bc949
 (4.18.0)
        NOTE: MITRE's referenced patch (above) does not seem related
-       - ckeditor3 <unfixed>
 CVE-2022-24727
        REJECTED
 CVE-2022-24726 (Istio is an open platform to connect, manage, and secure 
microservices ...)
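Review bot: the new `- ckeditor3 <unfixed>` line under CVE-2022-24729 records an affected status with no rationale, and under CVE-2022-24728 the entry itself says "MITRE's referenced patch (above) does not seem related", so the entry does not show which code was checked against the 3.x source. A short NOTE naming the affected component and confirming it exists in ckeditor3 would make both statuses verifiable. The commit message says "link related ckeditor CVEs", but the CVE-2022-24729 line is a new status rather than a reorder, which is worth stating there.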
@@ -45274,15 +45275,15 @@ CVE-2021-41165 (CKEditor4 is an open source WYSIWYG 
HTML editor. In affected ver
        [bullseye] - ckeditor <no-dsa> (Minor issue)
        [buster] - ckeditor <no-dsa> (Minor issue)
        [stretch] - ckeditor <no-dsa> (Minor issue)
-       NOTE: 
https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-7h26-63m7-qhf2 
(v4.17.0)
        - ckeditor3 <unfixed>
+       NOTE: 
https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-7h26-63m7-qhf2 
(v4.17.0)
 CVE-2021-41164 (CKEditor4 is an open source WYSIWYG HTML editor. In affected 
versions  ...)
        - ckeditor <unfixed> (bug #999909)
        [bullseye] - ckeditor <no-dsa> (Minor issue)
        [buster] - ckeditor <no-dsa> (Minor issue)
        [stretch] - ckeditor <no-dsa> (Minor issue)
-       NOTE: 
https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-pvmx-g8h5-cprj 
(v4.17.0)
        - ckeditor3 <not-affected> (Advanced Content Filter introduced in v4.1)
+       NOTE: 
https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-pvmx-g8h5-cprj 
(v4.17.0)
 CVE-2021-41163 (Discourse is an open source platform for community discussion. 
In affe ...)
        NOT-FOR-US: Discourse
 CVE-2021-41162 (Combodo iTop is a web based IT Service Management tool. In 
3.0.0 beta  ...)
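Review bot: under CVE-2021-41165, ckeditor has `[bullseye]`, `[buster]` and `[stretch]` lines marked `<no-dsa> (Minor issue)`, while ckeditor3 carries only a bare `<unfixed>`. If ckeditor3 is present in any of those suites, add matching per-suite triage lines so the two packages are not handled differently for the same issue. Moving the advisory NOTE below the package lines is fine and matches the layout of the other entries in this patch.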
@@ -54197,9 +54198,9 @@ CVE-2021-37695 (ckeditor is an open source WYSIWYG HTML 
editor with rich content
        - ckeditor 4.16.2+dfsg-1 (bug #992290)
        [bullseye] - ckeditor <no-dsa> (Minor issue)
        [buster] - ckeditor <no-dsa> (Minor issue)
+       - ckeditor3 <unfixed>
        NOTE: 
https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-m94c-37g6-cjhc
        NOTE: 
https://github.com/ckeditor/ckeditor4/commit/de3c001540715f9c3801aaa38a1917de46cfcf58
-       - ckeditor3 <unfixed>
 CVE-2021-37694 (@asyncapi/java-spring-cloud-stream-template generates a Spring 
Cloud S ...)
        NOT-FOR-US: @asyncapi/java-spring-cloud-stream-template
 CVE-2021-37693 (Discourse is an open-source platform for community discussion. 
In Disc ...)
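Review bot: under CVE-2021-37695, the ckeditor line references bug #992290, but the relocated `- ckeditor3 <unfixed>` has no bug reference. Consider adding the ckeditor3 bug number, if one exists, so the open status is tied to a report.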
@@ -63340,9 +63341,9 @@ CVE-2021-33829 (A cross-site scripting (XSS) 
vulnerability in the HTML Data Proc
        {DLA-2813-1}
        - ckeditor 4.16.0+dfsg-2
        [buster] - ckeditor <no-dsa> (Minor issue)
+       - ckeditor3 <unfixed>
        NOTE: 
https://ckeditor.com/blog/ckeditor-4.16.1-with-accessibility-enhancements/#improvements-for-comments-in-html-parser
        NOTE: 
https://github.com/ckeditor/ckeditor4/commit/3e426ce34f7fc7bf784624358831ef9e189bb6ed
-       - ckeditor3 <unfixed>
 CVE-2021-33828 (The files_antivirus component before 1.0.0 for ownCloud 
mishandles the ...)
        - owncloud <removed>
 CVE-2021-33827 (The files_antivirus component before 1.0.0 for ownCloud allows 
OS Comm ...)
@@ -82973,13 +82974,14 @@ CVE-2021-26272 (It was possible to execute a 
ReDoS-type attack inside CKEditor 4
        - ckeditor 4.16.0+dfsg-1 (bug #982587)
        [buster] - ckeditor <no-dsa> (Minor issue)
        [stretch] - ckeditor <postponed> (Fix along next DLA)
+       - ckeditor3 <not-affected> (autolink plugin introduced in v4.5)
        NOTE: 
https://github.com/ckeditor/ckeditor4/blob/major/CHANGES.md#ckeditor-416
        NOTE: 
https://github.com/ckeditor/ckeditor4/commit/467cc95b666d65ba9dc84c05dd760a00395a353a
 (4.16.0)
-       - ckeditor3 <not-affected> (autolink plugin introduced in v4.5)
 CVE-2021-26271 (It was possible to execute a ReDoS-type attack inside CKEditor 
4 befor ...)
        - ckeditor 4.16.0+dfsg-1 (bug #982587)
        [buster] - ckeditor <no-dsa> (Minor issue)
        [stretch] - ckeditor <postponed> (Fix along next DLA)
+       - ckeditor3 <unfixed>
        NOTE: 
https://github.com/ckeditor/ckeditor4/blob/major/CHANGES.md#ckeditor-416
 CVE-2021-26270
        RESERVED
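Review bot: the added `- ckeditor3 <unfixed>` under CVE-2021-26271 has no reason attached, whereas the sibling CVE-2021-26272 explains its status with "(autolink plugin introduced in v4.5)". The only NOTE for CVE-2021-26271 is the 4.16 changelog link, so a NOTE naming the affected code and stating that it is present in 3.x would let a reader check the claim.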



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b49336529ef50af25fdf2c2c4dad8f26a572a039
