[Pkg-javascript-devel] ckeditor4 security update
Sylvain Beucler
beuc at beuc.net
Fri Jun 17 16:27:32 BST 2022

Hello,
I'm working on Debian LTS (stretch), and I saw there are a number of 
CVEs against ckeditor (v4), as seen in #982587 #999909 and #992290-2, 
and I'm willing to provide some help on this package.
https://security-tracker.debian.org/tracker/source-package/ckeditor
AFAIU ckeditor upstream does not provide much information on fixes, 
making it hard if not impossible to backport targeted fixes.
However they maintain branch 4.x cleanly.
Thus it may make sense to upgrade to 4.18 (or later) in all Debian 
dists, including stable/oldstable (possibly in the next point release).
Does that sound doable and safe enough, or do you think there's too much 
of a risk of breakage?
Cheers!
Sylvain Beucler
Debian LTS Team
    
    