Support for ckeditor3 in Debian

Hello Security Team,

I'm currently checking 'ckeditor' (an HTML editor for web applications, currently v4) for vulnerabilities to fix.
(I may send a separate e-mail about this later)

I noted that 'ckeditor3' (re-introduced as a dependency to horde in 2016) did not reference any vulnerabilities. A quick check showed that it contains vulnerable code for at least CVE-2021-33829 and CVE-2021-37695.

Do you think we should tag 'ckeditor3' with confirmed CVEs from 'ckeditor'? Or mark it as end-of-life?

Sylvain Beucler
Debian LTS Team