
A ckeditor security update has been released for Debian GNU/Linux 8 and 9 Extended LTS to address a regression introduced by the previous update.



ELA-905-1 ckeditor security update

Package : ckeditor
Version : 4.4.4+dfsg1-2+deb8u2 (jessie), 4.5.7+dfsg-2+deb9u2 (stretch)
Related CVEs : CVE-2021-37695

A regression was introduced after fixing CVE-2021-37695 in ckeditor, a rich text editor for the web written in JavaScript. The regression was due to the lack of a polyfill (a snippet of code that patches a piece of functionality that is missing in some browsers) for the JavaScript Array class in stretch and jessie. It was fixed by manually emulating the polyfill. The regression was introduced in DLA-2813-1 for stretch and ELA-513-1 for jessie.
