[SECURITY] [DLA 2813-1] ckeditor security update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
- -----------------------------------------------------------------------
Debian LTS Advisory DLA-2813-1 debian-lts@lists.debian.org
https://www.debian.org/lts/security/ Utkarsh Gupta
November 09, 2021 https://wiki.debian.org/LTS
- -----------------------------------------------------------------------
Package : ckeditor
Version : 4.5.7+dfsg-2+deb9u1
CVE ID : CVE-2021-33829 CVE-2021-37695
Debian Bug : 992290
CKEditor, an open source WYSIWYG HTML editor with rich content
support, which can be embedded into web pages, had two
vulnerabilites as follows:
CVE-2021-33829
A cross-site scripting (XSS) vulnerability in the HTML Data
Processor in CKEditor 4 allows remote attackers to inject
executable JavaScript code through a crafted comment because
--!> is mishandled.
CVE-2021-37695
A potential vulnerability has been discovered in CKEditor 4
Fake Objects package. The vulnerability allowed to inject
malformed Fake Objects HTML, which could result in executing
JavaScript code.
For Debian 9 stretch, these problems have been fixed in version
4.5.7+dfsg-2+deb9u1.
We recommend that you upgrade your ckeditor packages.
For the detailed security status of ckeditor please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/ckeditor
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEbJ0QSEqa5Mw4X3xxgj6WdgbDS5YFAmGKNpAACgkQgj6WdgbD
S5aXvw/8CsNLk3fBNXi0oGhCpJ5I9m/TSqPLytYpHRkqG/MlGV8s+B20XCjqWIZy
jBxNJ2poTnMfRWbPfNCxJidkNZWqQ3ILnrmGojB/3QOlYSkRBSO4BYqNIaIDHU7r
BKUYCLpWlm83N2wq1UT8MLHBDN3JB7m8RZx285fUEI7yIKg7TqbXtbDwwDraYwlN
qkBmVHId4YnBRi6hMrnSbMe+sSh+d6ymxiKGq31AEV0noBCD6sKcRsjm3lHPI7Jt
srOy7GEiRTLE41R1viXjv/DSiuWETB0BDfvvNSfqLkH7Eq1HlVBY8FDFTX74ydXU
LUjQAemirspqJNsZZRKrChNXG44VxlEoqr/h3vSGSFRf2Fmmw8O8rtn87GTy+xZb
Dz1jhGTXGZ07AR42ujItq8wAj859Wnt+lVsKTcuL6cgYekMPMYPjlq0SUUfwPynx
9GWOCXeljIj6H2n6TCn9bu6BEMETOWItrExXELYK95nHrA7GmkW8szX2VNWNCeIU
5wYlnn+BC+j8yeGzBU537r6YBQuA+SpbQPzc5PjDcubAWE+59xHD3EfrPsA7Z7GP
80hBvHzJ8SJeAZA4vKC36vF8LxzgBE2lY0qyB7qCNWfFF96NNKGOl52STudEP1Rt
sKtF1546F94sRLuHDxjU4PdZdt2JoShwbAukqAn2o8aNP6JS08k=
=bfla
-----END PGP SIGNATURE-----
Reply to: