[Git][security-tracker-team/security-tracker][master] Reserve DLA-2813-1 for ckeditor
Utkarsh Gupta (@utkarsh)
utkarsh at debian.org
Tue Nov 9 08:07:11 GMT 2021
Utkarsh Gupta pushed to branch master at Debian Security Tracker / security-tracker
Commits:
0966716a by Utkarsh Gupta at 2021-11-09T13:36:52+05:30
Reserve DLA-2813-1 for ckeditor
- - - - -
3 changed files:
- data/CVE/list
- data/DLA/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -16027,7 +16027,6 @@ CVE-2021-37695 (ckeditor is an open source WYSIWYG HTML editor with rich content
- ckeditor 4.16.2+dfsg-1 (bug #992290)
[bullseye] - ckeditor <no-dsa> (Minor issue)
[buster] - ckeditor <no-dsa> (Minor issue)
- [stretch] - ckeditor <no-dsa> (Minor issue)
NOTE: https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-m94c-37g6-cjhc
NOTE: https://github.com/ckeditor/ckeditor4/commit/de3c001540715f9c3801aaa38a1917de46cfcf58
CVE-2021-37694 (@asyncapi/java-spring-cloud-stream-template generates a Spring Cloud S ...)
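Review bot: under CVE-2021-37695 the stretch line goes from `<no-dsa> (Minor issue)` to no annotation at all, with no NOTE recording why an issue triaged as minor is now being fixed in stretch. The stretch status for this entry now rests entirely on DLA-2813-1 listing the CVE in data/DLA/list, which it does. A dated NOTE line under this entry would keep the change of assessment traceable from the CVE record itself.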
@@ -25014,7 +25013,6 @@ CVE-2021-33830
CVE-2021-33829 (A cross-site scripting (XSS) vulnerability in the HTML Data Processor ...)
- ckeditor 4.16.0+dfsg-2
[buster] - ckeditor <no-dsa> (Minor issue)
- [stretch] - ckeditor <postponed> (Fix along next DLA)
NOTE: https://ckeditor.com/blog/ckeditor-4.16.1-with-accessibility-enhancements/#improvements-for-comments-in-html-parser
NOTE: https://github.com/ckeditor/ckeditor4/commit/3e426ce34f7fc7bf784624358831ef9e189bb6ed
CVE-2021-33828
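Review bot: for CVE-2021-33829 the only fix references left after the `[stretch]` line is removed are the 4.16.1 blog post and upstream commit 3e426ce34f7fc7bf784624358831ef9e189bb6ed, while the stretch fix recorded in data/DLA/list is 4.5.7+dfsg-2+deb9u1. If the upstream commit had to be adapted for the 4.5.7 code base, add a NOTE here saying so, so that anyone auditing the stretch package knows the patch is not a straight cherry-pick.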
=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[09 Nov 2021] DLA-2813-1 ckeditor - security update
+ {CVE-2021-33829 CVE-2021-37695}
+ [stretch] - ckeditor 4.5.7+dfsg-2+deb9u1
[08 Nov 2021] DLA-2812-1 botan1.10 - security update
{CVE-2017-14737}
[stretch] - botan1.10 1.10.17-1+deb9u1
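Review bot: the `{CVE-2021-33829 CVE-2021-37695}` line matches exactly the two entries whose `[stretch]` lines are removed in data/CVE/list, but nothing in this change shows that these are the only ckeditor CVEs still open for stretch. Before the advisory goes out, check data/CVE/list for any other ckeditor entry that still carries a `[stretch]` `<no-dsa>` or `<postponed>` line, and either add it to this CVE set or leave it annotated deliberately.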
=====================================
data/dla-needed.txt
=====================================
@@ -18,8 +18,6 @@ ansible
NOTE: 20210411: after that LTS. (apo)
NOTE: 20210426: https://people.debian.org/~apo/lts/ansible/
--
-ckeditor (Utkarsh)
---
debian-archive-keyring
NOTE: https://lists.debian.org/debian-lts/2021/08/msg00037.html
NOTE: 20210920: Raphael answered. will backport today. (utkarsh)
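Review bot: the `ckeditor (Utkarsh)` claim is dropped from data/dla-needed.txt in a commit whose message only says the DLA id is reserved. Once this lands, the package no longer appears as pending work, so confirm that the 4.5.7+dfsg-2+deb9u1 upload is done, and mention the dla-needed removal in the commit message so the log reflects all three file changes.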
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0966716af3611685661f828d364240d64ea93ad9