Re: Support for ckeditor3 in Debian

To: Sylvain Beucler <beuc@beuc.net>
Cc: Debian Security Team <team@security.debian.org>, Santiago Ruano Rincón <santiagorr@riseup.net>, debian@jugra.de, Debian LTS <debian-lts@lists.debian.org>, Mike Gabriel <sunweaver@debian.org>
Subject: Re: Support for ckeditor3 in Debian
From: Moritz Mühlenhoff <jmm@inutil.org>
Date: Thu, 3 Apr 2025 20:26:00 +0200
Message-id: <[🔎] Z-7SuGi8jS1SVXgE@pisco.westfalen.local>
In-reply-to: <[🔎] d8ce7a6b-8ba2-430d-8822-d9ef7f47cd7d@beuc.net>
References: <36e7d0a3-9cd4-4eb6-b340-420bd0407434@beuc.net> <a69bed8c-aa61-c06f-b1c9-13b5f2d8d7f0@beuc.net> <YpMiiwhmQ54YLSFC@eldamar.lan> <YpUHHmKB4/72eAXC@pisco.westfalen.local> <20220531054200.Horde.ZMSH8tRX-fV0agN46MS32ZM@mail.das-netzwerkteam.de> <Zrd27JjGfvUmUDJ2@voleno> <20240811105723.GA31009@inutil.org> <20240812002717.Horde.GN4J8X1_GET8DouLG7JBML2@mail.das-netzwerkteam.de> <de392a82-993d-4f19-8a29-18e425dcdd5e@beuc.net> <[🔎] d8ce7a6b-8ba2-430d-8822-d9ef7f47cd7d@beuc.net>

Am Thu, Apr 03, 2025 at 04:15:27PM +0200 schrieb Sylvain Beucler:
> Hello Security Team,
> 
> I realized that ckeditor3 is not referenced in debian-security-support for
> bullseye nor for bookworm.
> 
> It was for buster-lts and stretch-lts:
> https://lists.debian.org/debian-lts/2022/05/msg00060.html
> https://lists.debian.org/debian-lts/2022/08/msg00001.html
> 
> (Ideally we could now drop ckeditor3 from bullseye & bookworm, since it's
> not used by php-horde-editor anymore, but sadly it's still a
> build-dependency of virtuoso-opensource, see above.)
> 
> The issues are still present:
> - horde-specific
> - EOL'd upstream
> - open CVEs with no patches
> 
> For clarity, do we want to add ckeditor3 to
> security-support-ended.deb11/12/13 ?

Let's add it to security-support-limited.deb12:

ckeditor3    Only present as a build dependency for virtuose, no updates will be issued

Cheers,
        Moritz

Reply to:

References:
- Re: Support for ckeditor3 in Debian
  - From: Sylvain Beucler <beuc@beuc.net>

Prev by Date: Bug#1101984: RM: ckeditor3 -- NVIU; specific to php-horde, EOL'd upstream, unfixed security issues
Next by Date: Re: RM: ckeditor3 -- NVIU; specific to php-horde, EOL'd upstream, unfixed security issues
Previous by thread: Re: Support for ckeditor3 in Debian
Next by thread: Bug#1101984: RM: ckeditor3 -- NVIU; specific to php-horde, EOL'd upstream, unfixed security issues
Index(es):
- Date
- Thread