ckeditor 4.11.1+dfsg-1 source package in Debian
Changelog
ckeditor (4.11.1+dfsg-1) unstable; urgency=high
* Security release:
Fixed XSS vulnerability in the HTML parser reported by maxarr.
Issue summary: It was possible to execute XSS inside CKEditor
after persuading the victim to:
(i) switch CKEditor to source mode, then
(ii) paste a specially crafted HTML code, prepared by the attacker,
into the opened CKEditor source area, and
(iii) switch back to WYSIWYG mode.
* Fix minors WYSIWYG mode issues.
-- Bastien Roucariès <email address hidden> Wed, 14 Nov 2018 16:04:19 +0100
Upload details
- Uploaded by:
- Debian Javascript Maintainers
- Uploaded to:
- Sid
- Original maintainer:
- Debian Javascript Maintainers
- Architectures:
- all
- Section:
- web
- Urgency:
- Very Urgent
See full publishing history Publishing
| Series | Published | Component | Section | |
|---|---|---|---|---|
| Buster | release | main | web |
Builds
Downloads
| File | Size | SHA-256 Checksum |
|---|---|---|
| ckeditor_4.11.1+dfsg-1.dsc | 2.0 KiB | f0155965784a922a17fd47d08ba053111866f8f9f9f04398b36c688bcd808b89 |
| ckeditor_4.11.1+dfsg.orig.tar.xz | 6.8 MiB | d0e24607849fbcffbc29def9535f57c8e983c7eaf054cc06796f00a582441abd |
| ckeditor_4.11.1+dfsg-1.debian.tar.xz | 10.5 KiB | d880d3bdcd4fe7f850d5c7ff26281a8f9cb594db2a280b29a8f1ec18358b364c |
Available diffs
- diff from 4.10.1+dfsg-1 to 4.11.1+dfsg-1 (461.7 KiB)
No changes file available.
