| Package | ckeditor |
|---|---|
| Version | 4.4.4+dfsg1-2+deb8u2 (jessie), 4.5.7+dfsg-2+deb9u2 (stretch) |
| Related CVEs | CVE-2021-37695 |
A regression was introduced after fixing CVE-2021-37695 in ckeditor a rich text editor for the web written in javascript. This regression was due to lack of polyfill (a snippet of code that patches a piece of functionality that is missing in some browsers) in stretch and jessie for javascript array class. This was fixed by manually emulating the polyfill. This regression was introduced in DLA-2813-1 for stretch and ELA-513-1 for jessie.
For Debian 8 jessie, these problems have been fixed in version 4.4.4+dfsg1-2+deb8u2.
For Debian 9 stretch, these problems have been fixed in version 4.5.7+dfsg-2+deb9u2.
We recommend that you upgrade your ckeditor packages.
Further information about Extended LTS security advisories can be found in the dedicated section of our website.