UbuntuUpdates.org

Package "ckeditor"

Name: ckeditor

Description:

text editor which can be embedded into web pages
Latest version: 4.5.7+dfsg-2ubuntu0.18.04.1
Release: bionic (18.04)
Level: security
Repository: universe
Homepage: http://ckeditor.com

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Download "ckeditor"

All arch deb package
APT INSTALL

Other versions of "ckeditor" in Bionic

Repository Area Version
base universe 4.5.7+dfsg-2
updates universe 4.5.7+dfsg-2ubuntu0.18.04.1

Changelog

Version: 4.5.7+dfsg-2ubuntu0.18.04.1 2022-03-22 16:06:33 UTC

  ckeditor (4.5.7+dfsg-2ubuntu0.18.04.1) bionic-security; urgency=medium

  * SECURITY UPDATE: code injection in HTML data processor
    - debian/patches/CVE-2021-33829.patch: treat --!> as a valid comment
      end tag in core/htmlparser.js
    - CVE-2020-9281
    - CVE-2021-33289
  * SECURITY UPDATE: cross-site scripting in image2 plugin
    - debian/patches/CVE-2018-9861.patch: perform encoding over the
      content before rendering in core/selection.js
    - CVE-2018-9861
  * SECURITY UPDATE: HTML injection in clipboard plugin
    - debian/patches/CVE-2021-32809.patch: clean unwanted characters and
      tags from clipboard data in plugins/clipboard/plugin.js
    - CVE-2021-32809
  * SECURITY UPDATE: code injection through fake objects.
    - debian/patches/CVE-2021-37695.patch: perform filtering over the
      content used to restore real element in fakeobjects/plugin.js.
    - CVE-2021-37695

 -- David Fernandez Gonzalez <email address hidden> Fri, 18 Mar 2022 10:53:24 +0100
CVE-2021-33829 A cross-site scripting (XSS) vulnerability in the HTML Data Processor in CKEditor 4 4.14.0 through 4.16.x before 4.16.1 allows remote attackers to in
CVE-2020-9281 A cross-site scripting (XSS) vulnerability in the HTML Data Processor for CKEditor 4.0 before 4.14 allows remote attackers to inject arbitrary web sc
CVE-2021-33289 In NTFS-3G versions < 2021.8.22, when a specially crafted MFT section is supplied in an NTFS image a heap buffer overflow can occur and allow for cod
CVE-2018-9861 Cross-site scripting (XSS) vulnerability in the Enhanced Image (aka image2) plugin for CKEditor (in versions 4.5.10 through 4.9.1; fixed in 4.9.2), a
CVE-2021-32809 ckeditor is an open source WYSIWYG HTML editor with rich content support. A potential vulnerability has been discovered in CKEditor 4 [Clipboard](htt
CVE-2021-37695 ckeditor is an open source WYSIWYG HTML editor with rich content support. A potential vulnerability has been discovered in CKEditor 4 [Fake Objects](


About   -   Send Feedback to @ubuntu_updates