The following Fedora EPEL 7 Security updates need testing:
Age URL
5
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2021-78aede2789
gifsicle-1.93-1.el7
4
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2021-f005e1b879
debmirror-2.35-1.el7
4
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2021-bf6b6fd790
python-rsa-3.4.2-3.el7
4
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2021-68d47b481c
mozilla-ublock-origin-1.37.2-1.el7
The following builds have been pushed to Fedora EPEL 7 updates-testing
bpfmon-2.50-1.el7
ckeditor-4.16.2-1.el7
iotop-c-1.19-1.el7
oval-graph-1.3.1-1.el7
pcg-cpp-0.98.1-1.el7
python-xxhash-2.0.2-1.el7
teem-1.11.0-19.el7
Details about builds:
================================================================================
bpfmon-2.50-1.el7 (FEDORA-EPEL-2021-ddef2597aa)
Traffic monitor for BPF expression/iptables rule
--------------------------------------------------------------------------------
Update Information:
New version 2.50
--------------------------------------------------------------------------------
ChangeLog:
* Tue Sep 21 2021 Boian Bonev <bbonev(a)ipacct.com> - 2.50-1
- New version 2.50
* Wed Jul 21 2021 Fedora Release Engineering <releng(a)fedoraproject.org> - 2.49-3
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
* Tue Jan 26 2021 Fedora Release Engineering <releng(a)fedoraproject.org> - 2.49-2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
ckeditor-4.16.2-1.el7 (FEDORA-EPEL-2021-2f9b2cf4af)
WYSIWYG text editor to be used inside web pages
--------------------------------------------------------------------------------
Update Information:
## CKEditor 4.16.2 **Security Updates:** * Fixed XSS vulnerability in the
[
Clipboard](https://ckeditor.com/cke4/addon/clipboard) plugin reported by [Anton
Subbotin](https://github.com/skavans). Issue summary: The vulnerability
allowed to abuse paste functionality using malformed HTML, which could result in
injecting arbitrary HTML into the editor. See [security advisory](https://github
.com/ckeditor/ckeditor4/security/advisories/GHSA-7889-rm5j-hpgg) for more
details. * Fixed XSS vulnerability in the
[
Widget](https://ckeditor.com/cke4/addon/widget) plugin reported by [Anton
Subbotin](https://github.com/skavans). Issue summary: The vulnerability
allowed to abuse undo functionality using malformed
[
Widget](https://ckeditor.com/cke4/addon/widget) HTML, which could result in
executing JavaScript code. See [security
advisory](https://github.com/ckeditor/c
keditor4/security/advisories/GHSA-6226-h7ff-ch6c) for more details. * Fixed XSS
vulnerability in the [Fake
Objects](https://ckeditor.com/cke4/addon/fakeobjects)
plugin reported by [Mika
Kulmala](https://github.com/kulmik). Issue
summary: The vulnerability allowed to inject malformed [Fake
Objects](https://ckeditor.com/cke4/addon/fakeobjects) HTML, which could result
in executing JavaScript code. See [security
advisory](https://github.com/ckedito
r/ckeditor4/security/advisories/GHSA-m94c-37g6-cjhc) for more details. You can
read more details in the relevant security advisory and [contact
us](security(a)cksource.com) if you have more questions. **An upgrade is highly
recommended!** Fixed Issues: *
[#4777](https://github.com/ckeditor/ckeditor4/issues/4777): Fixed: HTML comments
in widgets not processed correctly. *
[#4733](https://github.com/ckeditor/ckeditor4/pull/4733): Fixed:
[
Link](https://ckeditor.com/cke4/addon/link) prevent duplicate anchors in text
with styles. *
[#4728](https://github.com/ckeditor/ckeditor4/issues/4728): Fixed: Multiple
anchors in one line and multi-line with text style. *
[#3863](https://github.com/ckeditor/ckeditor4/issues/3863): Fixed: Multiple
anchors in single word with text style. *
[#3819](https://github.com/ckeditor/ckeditor4/issues/3819): [Chrome] Fixed:
After removing one of the two consecutive spaces, the ` ` character appears
in the editor instead of a space. *
[#4666](https://github.com/ckeditor/ckeditor4/pull/4666): [IE] Introduce
CSS.escape polyfill. Thanks to [
limingli0707](https://github.com/limingli0707)!
* [#681](https://github.com/ckeditor/ckeditor4/issues/681): Fixed: Table
elements (td, tr, th, ..) with an id that starts with dot (.) causes javascript
runtime err. * [#641](https://github.com/ckeditor/ckeditor4/issues/641):
Fixed: UploadImage Plugin Widgets not working in IE, Opera, Safari, PhantomJS. *
[#3638](https://github.com/ckeditor/ckeditor4/issues/3638): Fixed: Opening the
same dialog twice causes it to become hidden under the dialog's page cover. *
[#4247](https://github.com/ckeditor/ckeditor4/issues/4247): Fixed: [Color
Button](https://ckeditor.com/cke4/addon/colorbutton)'s incorrect rendering on
the first opening. * [#4555](https://github.com/ckeditor/ckeditor4/issues/4555):
Fixed: [
Font](https://ckeditor.com/cke4/addon/font) styles with attributes are
not applied correctly when used multiple times over the same selection. *
[#4782](https://github.com/ckeditor/ckeditor4/issues/4782): [Firefox] Fixed:
`TypeError` is thrown when switching to Source View and back while
[
Autocomplete](https://ckeditor.com/cke4/addon/autocomplete) plugin is enabled.
## CKEditor 4.16.1 Fixed Issues: *
[#4617](https://github.com/ckeditor/ckeditor4/issues/4617): Fixed:
[
Autocomplete](https://ckeditor.com/cke4/addon/autocomplete) is not accessible
in inline editors. * [#4493](https://github.com/ckeditor/ckeditor4/issues/4493):
Fixed: The [
drop-down](https://ckeditor.com/cke4/addon/richcombo) label does not
reflect the current value of the drop-down. *
[#1572](https://github.com/ckeditor/ckeditor4/issues/1572): Fixed: A paragraph
before or after a [
widget](https://ckeditor.com/cke4/addon/widget) cannot be
removed. Thanks to [
bunglegrind](https://github.com/bunglegrind)! *
[#4301](https://github.com/ckeditor/ckeditor4/issues/4301): Fixed: Pasted
content is overwritten when pasted in an initially empty editor with the [`div`
Enter
mode](https://ckeditor.com/docs/ckeditor4/latest/features/enterkey.html).
* [#4351](https://github.com/ckeditor/ckeditor4/issues/4351): Fixed: Incorrect
values for RGBA/HSLA colors in [Color
Dialog](https://ckeditor.com/cke4/addon/colordialog). *
[#4509](https://github.com/ckeditor/ckeditor4/issues/4509): Fixed: Incorrect
handling of drag & drop inside [
widgets](https://ckeditor.com/cke4/addon/widget)
and nested editables. *
[#4611](https://github.com/ckeditor/ckeditor4/issues/4611): [Android, iOS]
Fixed: Incorrect hover styles for buttons in the toolbar on mobile devices. *
[#4652](https://github.com/ckeditor/ckeditor4/issues/4652): Fixed: [Event
data](https://ckeditor.com/docs/ckeditor4/latest/api/CKEDITOR_eventInfo.h...
set to `false` is treated as an event cancelation. *
[#4659](https://github.com/ckeditor/ckeditor4/issues/4659): Fixed: [`CKEDITOR.ht
mlParser`](https://ckeditor.com/docs/ckeditor4/latest/api/CKEDITOR_htmlPa...
ml) does not treat `--!>` as a comment end tag correctly. ## CKEditor 4.16
**Security Updates:** * Fixed ReDoS vulnerability in the
[
Autolink](https://ckeditor.com/cke4/addon/autolink) plugin. Issue
summary: It was possible to execute a ReDoS-type attack inside CKEditor 4 by
persuading a victim to paste a specially crafted URL-like text into the editor
and press <kbd>Enter</kbd> or <kbd>Space</kbd>. * Fixed ReDoS
vulnerability in
the [Advanced Tab for
Dialogs](https://ckeditor.com/cke4/addon/dialogadvtab)
plugin. Issue summary: It was possible to execute a ReDoS-type attack
inside CKEditor 4 by persuading a victim to paste a specially crafted text into
the Styles dialog. **An upgrade is highly recommended!** New Features: *
[#2800](https://github.com/ckeditor/ckeditor4/issues/2800): Unsupported image
formats are now gracefully handled by the [Paste from
Word](https://ckeditor.com/cke4/addon/pastefromword) plugin on paste,
additionally showing descriptive error messages. *
[#2800](https://github.com/ckeditor/ckeditor4/issues/2800): Unsupported image
formats are now gracefully handled by the [Paste from
LibreOffice](https://ckeditor.com/cke4/addon/pastefromlibreoffice) plugin on
paste, additionally showing descriptive error messages. *
[#3582](https://github.com/ckeditor/ckeditor4/issues/3582): Introduced smart
positioning of the [
Autocomplete](https://ckeditor.com/cke4/addon/autocomplete)
panel used by the [
Mentions](https://ckeditor.com/cke4/addon/mentions) and
[
Emoji](https://ckeditor.com/cke4/addon/emoji) plugins. The panel will now be
additionally positioned related to the browser viewport to be always fully
visible. * [#4388](https://github.com/ckeditor/ckeditor4/issues/4388): Added the
option to remove an iframe created with the [IFrame
Dialog](https://ckeditor.com/cke4/addon/iframe) plugin from the sequential
keyboard navigation using the `tabindex` attribute. Thanks to [Timo
Kirkkala](https://github.com/kirkkala)! Fixed Issues: *
[#1134](https://github.com/ckeditor/ckeditor4/issues/1134): [Safari] Fixed:
[Paste from
Word](https://ckeditor.com/cke4/addon/pastefromword) does not embed
images. * [#2800](https://github.com/ckeditor/ckeditor4/issues/2800): Fixed: No
images are imported from Microsoft Word when the content is pasted via the
[Paste from
Word](https://ckeditor.com/cke4/addon/pastefromword) plugin if there
is at least one image of unsupported format. *
[#4379](https://github.com/ckeditor/ckeditor4/issues/4379): [Edge] Fixed:
Incorrect detection of the [high contrast
mode](https://ckeditor.com/docs/ckeditor4/latest/guide/dev_a11y.html#high-
contrast-mode). * [#4422](https://github.com/ckeditor/ckeditor4/issues/4422):
Fixed: Missing space between the button name and the keyboard shortcut inside
the button label in the [high contrast
mode](https://ckeditor.com/docs/ckeditor4/latest/guide/dev_a11y.html#high-
contrast-mode). * [#2208](https://github.com/ckeditor/ckeditor4/issues/2208):
[IE] Fixed: The [
Autolink](https://ckeditor.com/cke4/addon/autolink) plugin
duplicates the native browser implementation. *
[#1824](https://github.com/ckeditor/ckeditor4/issues/1824): Fixed: The
[
Autolink](https://ckeditor.com/cke4/addon/autolink) plugin should require the
[
Link](https://ckeditor.com/cke4/addon/link) plugin. *
[#4253](https://github.com/ckeditor/ckeditor4/issues/4253): Fixed: The [Editor
Placeholder](https://ckeditor.com/cke4/addon/editorplaceholder) plugin throws an
error during the editor initialization with [`config.fullPage`](https://ckeditor
.com/docs/ckeditor4/latest/api/CKEDITOR_config.html#cfg-fullPage) enabled when
there is no `<body>` tag in the editor content. *
[#4372](https://github.com/ckeditor/ckeditor4/issues/4372): Fixed: The
[
Autogrow](https://ckeditor.com/cke4/addon/autogrow) plugin changes the editor's
width when used with an absolute [`config.width`](https://ckeditor.com/docs/cked
itor4/latest/api/CKEDITOR_config.html#cfg-width) value. API Changes: *
[#4358](https://github.com/ckeditor/ckeditor4/issues/4358): Introduced the [`CKE
DITOR.tools.color`](https://ckeditor.com/docs/ckeditor4/latest/api/CKEDIT...
s_color.html) class which adds colors validation and methods for converting
colors between various formats: named colors, HEX, RGB, RGBA, HSL and HSLA. *
[#3782](https://github.com/ckeditor/ckeditor4/issues/3782): Moved the [`CKEDITOR
.plugins.pastetools.filters.word.images`](https://ckeditor.com/docs/ckeditor4/la
test/api/CKEDITOR_plugins_pastetools_filters_word_images.html) filters to the [`
CKEDITOR.plugins.pastetools.filters.image`](https://ckeditor.com/docs/cke...
latest/api/CKEDITOR_plugins_pastetools_filters_image.html) namespace. *
[#4297](https://github.com/ckeditor/ckeditor4/issues/4297): All [`CKEDITOR.plugi
ns.pastetools.filters`](https://ckeditor.com/docs/ckeditor4/latest/api/CK...
plugins_pastetools_filters.html) are now available under the [`CKEDITOR.pasteToo
ls`](https://ckeditor.com/docs/ckeditor4/latest/api/CKEDITOR.html#property-
pasteTools) alias. * [#4394](https://github.com/ckeditor/ckeditor4/issues/4394):
Introduced [`CKEDITOR.ajax`](https://ckeditor.com/docs/ckeditor4/latest/api/CKED
ITOR_ajax.html) specialized loading methods for loading binary ([`CKEDITOR.ajax.
loadBinary()`](https://ckeditor.com/docs/ckeditor4/latest/api/CKEDITOR_aj...
#method-loadBinary)) and text ([`CKEDITOR.ajax.loadText()`](https://ckeditor.com
/docs/ckeditor4/latest/api/CKEDITOR_ajax.html#method-loadText)) data. Other
Changes: * The [
WebSpellChecker](https://ckeditor.com/cke4/addon/wsc) (WSC)
plugin is now disabled by default in [Standard and Full
presets](https://ckeditor.com/cke4/presets). It can be enabled via [`extraPlugin
s`](https://ckeditor.com/docs/ckeditor4/latest/api/CKEDITOR_config.html#cfg-
extraPlugins) configuration option. ## CKEditor 4.15.1 **Security Updates:**
* Fixed XSS vulnerability in the [Color History
feature](https://ckeditor.com/do
cs/ckeditor4/latest/features/colorbutton.html#color-history) reported by [Mark
Wade](https://github.com/mark-wade). Issue summary: It was possible to
execute an XSS-type attack inside CKEditor 4 by persuading a victim to paste a
specially crafted HTML code into the [Color
Button](https://ckeditor.com/cke4/addon/colorbutton) dialog. **An upgrade is
highly recommended!** Fixed Issues: *
[#4293](https://github.com/ckeditor/ckeditor4/issues/4293): Fixed: The [`CKEDITO
R.inlineAll()`](https://ckeditor.com/docs/ckeditor4/latest/api/CKEDITOR.h...
hod-inlineAll) method tries to initialize inline editor also on elements with an
editor already attached to them. *
[#3961](https://github.com/ckeditor/ckeditor4/issues/3961): Fixed: The [Table
Resize](https://ckeditor.com/cke4/addon/tableresize) plugin prevents editing of
merged cells. * [#3649](https://github.com/ckeditor/ckeditor4/issues/3649):
Fixed: Applying a [block
format](https://ckeditor.com/docs/ckeditor4/latest/features/format.html) should
remove existing block styles. *
[#4282](https://github.com/ckeditor/ckeditor4/issues/4282): Fixed: The [script l
oader](https://ckeditor.com/docs/ckeditor4/latest/api/CKEDITOR_scriptLoad...
) does not execute callback for scripts already loaded when called for the
second time. Thanks to [Alexander
Korotkevich](https://github.com/aldoom)! *
[#4273](https://github.com/ckeditor/ckeditor4/issues/4273): Fixed: A memory leak
in the [`CKEDITOR.domReady()`](https://ckeditor.com/docs/ckeditor4/latest/api/CK
EDITOR.html#method-domReady) method connected with not removing `load` event
listeners. Thanks to [
rohit1](https://github.com/rohit1)! *
[#1330](https://github.com/ckeditor/ckeditor4/issues/1330): Fixed: Incomplete
CSS margin parsing if an `auto` or `0` value is used. *
[#4286](https://github.com/ckeditor/ckeditor4/issues/4286): Fixed: The [Auto
Grow](https://ckeditor.com/cke4/addon/autogrow) plugin causes the editor width
to be set to `0` on editor resize. *
[#848](https://github.com/ckeditor/ckeditor4/issues/848): Fixed: Arabic text not
being "bound" correctly when pasting. Thanks to [Thomas
Hunkapiller](https://github.com/devoidfury) and [J. Ivan Duarte
Rodr��guez](https://github.com/jidrone-mbm)! API Changes: *
[#3649](https://github.com/ckeditor/ckeditor4/issues/3649): Added a new [`styles
Remove`](https://ckeditor.com/docs/ckeditor4/latest/api/CKEDITOR_editor.h...
nt-stylesRemove) editor event. Other Changes: *
[#4262](https://github.com/ckeditor/ckeditor4/issues/4262): Removed the global
reference to the `stylesLoaded` variable. Thanks to [Levi
Carter](https://github.com/swiftMessenger)! * Updated the [Export to
PDF](https://ckeditor.com/cke4/addon/exportpdf) plugin to `1.0.1` version:
* Improved external CSS support for [classic
editor](https://ckeditor.com/docs/ckeditor4/latest/examples/classic.html) by
handling exceptions and displaying convenient [error messages](https://ckeditor.
com/docs/ckeditor4/latest/guide/dev_errors.html#exportpdf-stylesheets-
incaccessible). ## CKEditor 4.15 New features: *
[#3940](https://github.com/ckeditor/ckeditor4/issues/3940): Introduced the
`colorName` property for customizing foreground and background styles in the
[Color
Button](https://ckeditor.com/cke4/addon/colorbutton) plugin via the [`con
fig.colorButton_foreStyle`](https://ckeditor.com/docs/ckeditor4/latest/ap...
TOR_config.html#cfg-colorButton_foreStyle) and [`config.colorButton_backStyle`](
https://ckeditor.com/docs/ckeditor4/latest/api/CKEDITOR_config.html#cfg-
colorButton_backStyle) configuration options. *
[#3793](https://github.com/ckeditor/ckeditor4/issues/3793): Introduced the
[Editor
Placeholder](https://ckeditor.com/cke4/addon/editorplaceholder) plugin.
* [#1795](https://github.com/ckeditor/ckeditor4/issues/1795): The colors picked
from the [Color
Dialog](https://ckeditor.com/cke4/addon/colordialog) are now
stored in the [Color
Button](https://ckeditor.com/cke4/addon/colorbutton)
palette and can be reused easily. *
[#3783](https://github.com/ckeditor/ckeditor4/issues/3783): The colors used in
the document are now displayed as a part of the [Color
Button](https://ckeditor.com/cke4/addon/colorbutton) palette. Fixed Issues: *
[#4060](https://github.com/ckeditor/ckeditor4/issues/4060): Fixed: The content
inside a [
widget](https://ckeditor.com/cke4/addon/widget) nested editable is
escaped twice. * [#4183](https://github.com/ckeditor/ckeditor4/issues/4183):
[Safari] Fixed: Incorrect image dimensions when using the [Easy
Image](https://ckeditor.com/cke4/addon/easyimage) plugin alongside the [IFrame
Editing
Area](https://ckeditor.com/cke4/addon/wysiwygarea) plugin. *
[#3693](https://github.com/ckeditor/ckeditor4/issues/3693): Fixed: Incorrect
default values for several [Color
Button](https://ckeditor.com/cke4/addon/colorbutton) configuration variables in
the API documentation. *
[#3795](https://github.com/ckeditor/ckeditor4/issues/3795): Fixed: Setting the [
`config.dataIndentationChars`](https://ckeditor.com/docs/ckeditor4/latest/api/CK
EDITOR_config.html#cfg-dataIndentationChars) configuration option to an empty
string is ignored and replaced by a tab (`\t`) character. Thanks to [Thomas
Grinderslev](https://github.com/Znegl)! *
[#4107](https://github.com/ckeditor/ckeditor4/issues/4107): Fixed: Multiple
[
Autocomplete](https://ckeditor.com/cke4/addon/autocomplete) instances cause
keyboard navigation issues. *
[#4041](https://github.com/ckeditor/ckeditor4/issues/4041): Fixed: The[`selectio
n.scrollIntoView`](https://ckeditor.com/docs/ckeditor4/latest/api/CKEDITO...
election.html#method-scrollIntoView) method throws an error when the editor
selection is not set. *
[#3361](https://github.com/ckeditor/ckeditor4/issues/3361): Fixed: Loading
multiple [custom editor
configurations](https://ckeditor.com/docs/ckeditor4/late
st/api/CKEDITOR_config.html#cfg-customConfig) is prone to a race condition
between these. * [#4007](https://github.com/ckeditor/ckeditor4/issues/4007):
Fixed: Screen readers do not announce the [Rich
Combo](https://ckeditor.com/cke4/addon/richcombo) plugin is collapsed or
expanded. * [#4141](https://github.com/ckeditor/ckeditor4/issues/4141): Fixed:
The styles are incorrectly applied when there is a `<select>` element inside the
editor. ## CKEditor 4.14.1 Fixed Issues: *
[#2607](https://github.com/ckeditor/ckeditor4/issues/2607): Fixed: The
[
Emoji](https://ckeditor.com/cke4/addon/emoji) plugin SVG icons file is not
loaded in CORS context. *
[#3866](https://github.com/ckeditor/ckeditor4/issues/3866): Fixed: The [`config.
readOnly`](https://ckeditor.com/docs/ckeditor4/latest/api/CKEDITOR_config...
fg-readOnly) configuration option not considered for startup read-only mode of
inline editor. * [#3931](https://github.com/ckeditor/ckeditor4/issues/3931):
[IE] Fixed: An error is thrown when pasting using the Paste button after
accepting the browser Clipboard Access Prompt dialog. *
[#3938](https://github.com/ckeditor/ckeditor4/issues/3938): Fixed: Cannot
navigate the [
Autocomplete](https://ckeditor.com/cke4/addon/autocomplete) panel
with the keyboard after switching to source mode. *
[#2823](https://github.com/ckeditor/ckeditor4/issues/2823): [IE] Fixed: Cannot
resize the last table column using the [Table
Resize](https://ckeditor.com/cke4/addon/tableresize) plugin. *
[#909](https://github.com/ckeditor/ckeditor4/issues/909): Fixed: The [Table
Resize](https://ckeditor.com/cke4/addon/tableresize) plugin does not work when
the editor is placed in an absolutely positioned container. Thanks to [Roland
Petto](https://github.com/arpi68)! *
[#1959](https://github.com/ckeditor/ckeditor4/issues/1959): Fixed: The [Table
Resize](https://ckeditor.com/cke4/addon/tableresize) plugin does not work in a
[
maximized](https://ckeditor.com/cke4/addon/maximize) editor when the [Div
Editing
Area](https://ckeditor.com/cke4/addon/divarea) feature is enabled.
Thanks to [Roland
Petto](https://github.com/arpi68)! *
[#3156](https://github.com/ckeditor/ckeditor4/issues/3156): Fixed:
[
Autolink](https://ckeditor.com/cke4/addon/autolink) [`config.autolink_urlRegex`
](https://ckeditor.com/docs/ckeditor4/latest/api/CKEDITOR_config.html#cfg-
autolink_urlRegex) and [`config.autolink_emailRegex`](https://ckeditor.com/docs/
ckeditor4/latest/api/CKEDITOR_config.html#cfg-autolink_emailRegex) options are
not customizable. Thanks to [Sergiy
Dobrovolsky](https://github.com/serggoodwill)! *
[#624](https://github.com/ckeditor/ckeditor4/issues/624): Fixed:
[
Notification](https://ckeditor.com/cke4/addon/notification) does not work with
the [bottom toolbar
location](https://ckeditor.com/docs/ckeditor4/latest/api/CKE
DITOR_config.html#cfg-toolbarLocation). *
[#3000](https://github.com/ckeditor/ckeditor4/issues/3000): Fixed: [Auto
Embed](https://ckeditor.com/cke4/addon/autoembed) does not work with the [bottom
toolbar
location](https://ckeditor.com/docs/ckeditor4/latest/api/CKEDITOR_config
.html#cfg-toolbarLocation). *
[#1883](https://github.com/ckeditor/ckeditor4/issues/1883): Fixed: The [`editor.
resize()`](https://ckeditor.com/docs/ckeditor4/latest/api/CKEDITOR_editor...
ethod-resize) method does not work with CSS units. *
[#3926](https://github.com/ckeditor/ckeditor4/issues/3926): Fixed: Dragging and
dropping a [
widget](https://ckeditor.com/cke4/addon/widget) sometimes produces
an error. * [#4008](https://github.com/ckeditor/ckeditor4/issues/4008): Fixed:
[Remove
Format](https://ckeditor.com/cke4/addon/removeformat) does not work with
a collapsed selection. *
[#3998](https://github.com/ckeditor/ckeditor4/issues/3998): Fixed: An error is
thrown when switching to the [source
mode](https://ckeditor.com/cke4/addon/sourcearea) using a custom
<kbd>Ctrl</kbd>
+ <kbd>Enter</kbd>
[
keystroke](https://ckeditor.com/docs/ckeditor4/latest/api/CK
EDITOR_editor.html#method-setKeystroke) with the
[
Widget](https://ckeditor.com/cke4/addon/widget) plugin present. Other Changes:
* Updated [
WebSpellChecker](https://ckeditor.com/cke4/addon/wsc) (WSC) and
[
SpellCheckAsYouType](https://ckeditor.com/cke4/addon/scayt) (SCAYT) plugins:
* Fixed: Active [
Autocomplete](https://ckeditor.com/cke4/addon/autocomplete)
panel causes active suggestions to be unnecessarily checked by the SCAYT spell
checking mechanism.
--------------------------------------------------------------------------------
ChangeLog:
* Mon Sep 20 2021 Shawn Iwinski <shawn(a)iwin.ski> - 4.16.2-1
- Update to 4.16.2 (RHBZ #1847904)
-
https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-m94c-37g6-... /
CVE-2021-37695 (RHBZ #1993490, 1993489)
- CVE-2021-33829 (RHBZ #1974731, 1974730)
-
https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-7889-rm5j-... /
CVE-2021-32809 (RHBZ #1993487, 1993486)
-
https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-6226-h7ff-... /
CVE-2021-32808 (RHBZ #1993484, 1993483)
* Wed Jul 21 2021 Fedora Release Engineering <releng(a)fedoraproject.org> - 4.14.0-4
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
* Tue Jan 26 2021 Fedora Release Engineering <releng(a)fedoraproject.org> - 4.14.0-3
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
* Mon Jul 27 2020 Fedora Release Engineering <releng(a)fedoraproject.org> - 4.14.0-2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1847904 - ckeditor-4.16.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1847904
[ 2 ] Bug #1974730 - CVE-2021-33829 ckeditor: cross-site scripting allows remote
attackers to inject executable JavaScript code [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1974730
[ 3 ] Bug #1974731 - CVE-2021-33829 ckeditor: cross-site scripting allows remote
attackers to inject executable JavaScript code [epel-7]
https://bugzilla.redhat.com/show_bug.cgi?id=1974731
[ 4 ] Bug #1993483 - CVE-2021-32808 ckeditor: widget feature vulnerability allowing to
execute JavaScript code using undo functionality [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1993483
[ 5 ] Bug #1993484 - CVE-2021-32808 ckeditor: widget feature vulnerability allowing to
execute JavaScript code using undo functionality [epel-7]
https://bugzilla.redhat.com/show_bug.cgi?id=1993484
[ 6 ] Bug #1993486 - CVE-2021-32809 ckeditor: clipboard feature vulnerability allowing
to inject arbitrary HTML into the editor using paste functionality [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1993486
[ 7 ] Bug #1993487 - CVE-2021-32809 ckeditor: clipboard feature vulnerability allowing
to inject arbitrary HTML into the editor using paste functionality [epel-7]
https://bugzilla.redhat.com/show_bug.cgi?id=1993487
[ 8 ] Bug #1993489 - CVE-2021-37695 ckeditor: fake objects feature vulnerability
allowing to execute JavaScript code using malformed HTML [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1993489
[ 9 ] Bug #1993490 - CVE-2021-37695 ckeditor: fake objects feature vulnerability
allowing to execute JavaScript code using malformed HTML [epel-7]
https://bugzilla.redhat.com/show_bug.cgi?id=1993490
--------------------------------------------------------------------------------
================================================================================
iotop-c-1.19-1.el7 (FEDORA-EPEL-2021-bac3aa9405)
Simple top-like I/O monitor (implemented in C)
--------------------------------------------------------------------------------
Update Information:
Update to latest ver 1.19
--------------------------------------------------------------------------------
ChangeLog:
* Tue Sep 21 2021 Boian Bonev <bbonev(a)ipacct.com> - 1.19-1
- Update to latest ver 1.19
- Remove unsupported -Wdate-time on epel7
--------------------------------------------------------------------------------
================================================================================
oval-graph-1.3.1-1.el7 (FEDORA-EPEL-2021-1ad4706edf)
Tool for visualization of SCAP rule evaluation results
--------------------------------------------------------------------------------
Update Information:
1.3.1 (Jan Rodak)
--------------------------------------------------------------------------------
ChangeLog:
* Mon Sep 20 2021 Packit Service <user-cont-team+packit-service(a)redhat.com> -
1.3.1-1
- 1.3.1 (Jan Rodak)
- Fix missing test files (Jan Rodak)
--------------------------------------------------------------------------------
================================================================================
pcg-cpp-0.98.1-1.el7 (FEDORA-EPEL-2021-52c641e4d5)
PCG Random Number Generation, C++ Edition
--------------------------------------------------------------------------------
Update Information:
Initial package for EPEL7
--------------------------------------------------------------------------------
ChangeLog:
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2003169 - Review Request: pcg-cpp - PCG Random Number Generation, C++
Edition
https://bugzilla.redhat.com/show_bug.cgi?id=2003169
--------------------------------------------------------------------------------
================================================================================
python-xxhash-2.0.2-1.el7 (FEDORA-EPEL-2021-e08f61e11e)
Python Binding for xxHash
--------------------------------------------------------------------------------
Update Information:
Initial package for EPEL7
--------------------------------------------------------------------------------
ChangeLog:
--------------------------------------------------------------------------------
================================================================================
teem-1.11.0-19.el7 (FEDORA-EPEL-2021-548556e66f)
Libraries for processing and visualizing scientific raster data
--------------------------------------------------------------------------------
Update Information:
Initial package for EPEL7
--------------------------------------------------------------------------------
ChangeLog:
--------------------------------------------------------------------------------