Package: ftp.debian.org Severity: normal X-Debbugs-Cc: t...@security.debian.org, debian-...@lists.debian.org, php-ho...@packages.debian.org
Hello FTP Masters, I am part of the Debian LTS Team and helping the Debian Horde Team handle the ckeditor situation. Please remove ckeditor3 from unstable. The package was re-introduced as a backport specially for php-horde*: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=959477 Horde was recently fixed to use ckeditor[v4], and was its only reverse dependency, so ckeditor3 is no longer needed: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1042715 Additionally, ckeditor3 is EOL upstream, and has several open vulnerabilities: https://security-tracker.debian.org/tracker/source-package/ckeditor3 It was EOL'd in stretch-lts and buster-lts: https://lists.debian.org/debian-lts/2022/08/msg00001.html and I proposed the same for bullseye-lts and bookworm: https://lists.debian.org/debian-lts/2025/04/msg00009.html Note: ckeditor3 appears to be mistakenly used as a reverse build-dependency for virtuoso-opensource. The maintainers have been notified around 2 weeks ago: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1101019 I believe we can proceed with a removal from unstable nonetheless, but I'm open to suggestions :) Cheers! Sylvain Beucler Debian LTS Team
