VCS matches the version in the archive
- Git: https://salsa.debian.org/js-team/ckeditor.git
- Branch: master
- Path: debian/changelog
- Browser: https://salsa.debian.org/js-team/ckeditor
- Last scan: 2019-08-17 00:44:27+00
- Next scan: 2019-08-23 11:43:00+00
- Debian changelog in Git:
ckeditor (4.11.1+dfsg-1) unstable; urgency=high
* Security release:
Fixed XSS vulnerability in the HTML parser reported by maxarr.
Issue summary: It was possible to execute XSS inside CKEditor
after persuading the victim to:
(i) switch CKEditor to source mode, then
(ii) paste a specially crafted HTML code, prepared by the attacker,
into the opened CKEditor source area, and
(iii) switch back to WYSIWYG mode.
* Fix minor WYSIWYG mode issues.
-- Bastien Roucariès <firstname.lastname@example.org> Wed, 14 Nov 2018 16:04:19 +0100
- This branch is even with tag debian-4.11.1+dfsg-1