Publishing details

Published on 2022-03-22
Copied from ubuntu focal in PPA for Ubuntu Security Proposed by David Fernandez Gonzalez

Changelog

ckeditor (4.12.1+dfsg-1ubuntu0.1) focal-security; urgency=medium

  * SECURITY UPDATE: code injection in HTML data processor
    - debian/patches/CVE-2021-33829.patch: treat --!> as a valid comment
      end tag in core/htmlparser.js
    - CVE-2021-33289
    - CVE-2020-9281
  * SECURITY UPDATE: HTML injection in clipboard plugin
    - debian/patches/CVE-2021-32809.patch: clean unwanted characters and
      tags from clipboard data in plugins/clipboard/plugin.js
    - CVE-2021-32809
  * SECURITY UPDATE: code injection through fake objects.
    - debian/patches/CVE-2021-37695.patch: perform filtering over the
      content used to restore real element in fakeobjects/plugin.js.
    - CVE-2021-37695

 -- David Fernandez Gonzalez <email address hidden>  Fri, 18 Mar 2022 11:27:31 +0100

Available diffs

diff from 4.12.1+dfsg-1 (in Debian) to 4.12.1+dfsg-1ubuntu0.1 (4.0 KiB)

Builds

amd64

Built packages

ckeditor text editor which can be embedded into web pages

Package files

ckeditor_4.12.1+dfsg-1ubuntu0.1.debian.tar.xz (12.9 KiB)
ckeditor_4.12.1+dfsg-1ubuntu0.1.dsc (2.0 KiB)
ckeditor_4.12.1+dfsg-1ubuntu0.1_all.deb (1.1 MiB)
ckeditor_4.12.1+dfsg.orig.tar.xz (7.5 MiB)