[Git][security-tracker-team/security-tracker][master] ckeditor3: link related ckeditor CVEs

Sylvain Beucler (@beuc) beuc at debian.org
Sat May 21 09:38:33 BST 2022 


Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b4933652 by Sylvain Beucler at 2022-05-21T10:38:20+02:00
ckeditor3: link related ckeditor CVEs
follow-up to 9a55e943bca823e36337c8b47cd65adcf0405fd4

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -18412,13 +18412,14 @@ CVE-2022-24730 (Argo CD is a declarative, GitOps continuous delivery tool for Ku
 	NOT-FOR-US: Argo CD
 CVE-2022-24729 (CKEditor4 is an open source what-you-see-is-what-you-get HTML editor.  ...)
 	- ckeditor <unfixed>
+	- ckeditor3 <unfixed>
 	NOTE: https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-f6rf-9m92-x2hh
 CVE-2022-24728 (CKEditor4 is an open source what-you-see-is-what-you-get HTML editor.  ...)
 	- ckeditor <unfixed>
+	- ckeditor3 <unfixed>
 	NOTE: https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-4fc4-4p5g-6w89
 	NOTE: https://github.com/ckeditor/ckeditor4/commit/d158413449692d920a778503502dcb22881bc949 (4.18.0)
 	NOTE: MITRE's referenced patch (above) does not seem related
-	- ckeditor3 <unfixed>
 CVE-2022-24727
 	REJECTED
 CVE-2022-24726 (Istio is an open platform to connect, manage, and secure microservices ...)
@@ -45274,15 +45275,15 @@ CVE-2021-41165 (CKEditor4 is an open source WYSIWYG HTML editor. In affected ver
 	[bullseye] - ckeditor <no-dsa> (Minor issue)
 	[buster] - ckeditor <no-dsa> (Minor issue)
 	[stretch] - ckeditor <no-dsa> (Minor issue)
-	NOTE: https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-7h26-63m7-qhf2 (v4.17.0)
 	- ckeditor3 <unfixed>
+	NOTE: https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-7h26-63m7-qhf2 (v4.17.0)
 CVE-2021-41164 (CKEditor4 is an open source WYSIWYG HTML editor. In affected versions  ...)
 	- ckeditor <unfixed> (bug #999909)
 	[bullseye] - ckeditor <no-dsa> (Minor issue)
 	[buster] - ckeditor <no-dsa> (Minor issue)
 	[stretch] - ckeditor <no-dsa> (Minor issue)
-	NOTE: https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-pvmx-g8h5-cprj (v4.17.0)
 	- ckeditor3 <not-affected> (Advanced Content Filter introduced in v4.1)
+	NOTE: https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-pvmx-g8h5-cprj (v4.17.0)
 CVE-2021-41163 (Discourse is an open source platform for community discussion. In affe ...)
 	NOT-FOR-US: Discourse
 CVE-2021-41162 (Combodo iTop is a web based IT Service Management tool. In 3.0.0 beta  ...)
@@ -54197,9 +54198,9 @@ CVE-2021-37695 (ckeditor is an open source WYSIWYG HTML editor with rich content
 	- ckeditor 4.16.2+dfsg-1 (bug #992290)
 	[bullseye] - ckeditor <no-dsa> (Minor issue)
 	[buster] - ckeditor <no-dsa> (Minor issue)
+	- ckeditor3 <unfixed>
 	NOTE: https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-m94c-37g6-cjhc
 	NOTE: https://github.com/ckeditor/ckeditor4/commit/de3c001540715f9c3801aaa38a1917de46cfcf58
-	- ckeditor3 <unfixed>
 CVE-2021-37694 (@asyncapi/java-spring-cloud-stream-template generates a Spring Cloud S ...)
 	NOT-FOR-US: @asyncapi/java-spring-cloud-stream-template
 CVE-2021-37693 (Discourse is an open-source platform for community discussion. In Disc ...)
@@ -63340,9 +63341,9 @@ CVE-2021-33829 (A cross-site scripting (XSS) vulnerability in the HTML Data Proc
 	{DLA-2813-1}
 	- ckeditor 4.16.0+dfsg-2
 	[buster] - ckeditor <no-dsa> (Minor issue)
+	- ckeditor3 <unfixed>
 	NOTE: https://ckeditor.com/blog/ckeditor-4.16.1-with-accessibility-enhancements/#improvements-for-comments-in-html-parser
 	NOTE: https://github.com/ckeditor/ckeditor4/commit/3e426ce34f7fc7bf784624358831ef9e189bb6ed
-	- ckeditor3 <unfixed>
 CVE-2021-33828 (The files_antivirus component before 1.0.0 for ownCloud mishandles the ...)
 	- owncloud <removed>
 CVE-2021-33827 (The files_antivirus component before 1.0.0 for ownCloud allows OS Comm ...)
@@ -82973,13 +82974,14 @@ CVE-2021-26272 (It was possible to execute a ReDoS-type attack inside CKEditor 4
 	- ckeditor 4.16.0+dfsg-1 (bug #982587)
 	[buster] - ckeditor <no-dsa> (Minor issue)
 	[stretch] - ckeditor <postponed> (Fix along next DLA)
+	- ckeditor3 <not-affected> (autolink plugin introduced in v4.5)
 	NOTE: https://github.com/ckeditor/ckeditor4/blob/major/CHANGES.md#ckeditor-416
 	NOTE: https://github.com/ckeditor/ckeditor4/commit/467cc95b666d65ba9dc84c05dd760a00395a353a (4.16.0)
-	- ckeditor3 <not-affected> (autolink plugin introduced in v4.5)
 CVE-2021-26271 (It was possible to execute a ReDoS-type attack inside CKEditor 4 befor ...)
 	- ckeditor 4.16.0+dfsg-1 (bug #982587)
 	[buster] - ckeditor <no-dsa> (Minor issue)
 	[stretch] - ckeditor <postponed> (Fix along next DLA)
+	- ckeditor3 <unfixed>
 	NOTE: https://github.com/ckeditor/ckeditor4/blob/major/CHANGES.md#ckeditor-416
 CVE-2021-26270
 	RESERVED



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b49336529ef50af25fdf2c2c4dad8f26a572a039

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b49336529ef50af25fdf2c2c4dad8f26a572a039
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220521/f5fdcaf3/attachment.htm>

More information about the debian-security-tracker-commits mailing list