Your message dated Fri, 11 Apr 2025 13:36:51 +0000
with message-id <[email protected]>
and subject line Bug#1101984: Removed package(s) from unstable
has caused the Debian Bug report #1101984,
regarding RM: ckeditor3 -- NVIU; specific to php-horde, EOL'd upstream, unfixed
security issues
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1101984: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1101984
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: ftp.debian.org
Severity: normal
X-Debbugs-Cc: [email protected], [email protected],
[email protected]
Hello FTP Masters,
I am part of the Debian LTS Team and helping the Debian Horde Team
handle the ckeditor situation.
Please remove ckeditor3 from unstable.
The package was re-introduced as a backport specially for php-horde*:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=959477
Horde was recently fixed to use ckeditor[v4], and was its only reverse
dependency, so ckeditor3 is no longer needed:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1042715
Additionally, ckeditor3 is EOL upstream, and has several open
vulnerabilities:
https://security-tracker.debian.org/tracker/source-package/ckeditor3
It was EOL'd in stretch-lts and buster-lts:
https://lists.debian.org/debian-lts/2022/08/msg00001.html
and I proposed the same for bullseye-lts and bookworm:
https://lists.debian.org/debian-lts/2025/04/msg00009.html
Note: ckeditor3 appears to be mistakenly used as a reverse
build-dependency for virtuoso-opensource. The maintainers have been
notified around 2 weeks ago:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1101019
I believe we can proceed with a removal from unstable nonetheless, but I'm open
to suggestions :)
Cheers!
Sylvain Beucler
Debian LTS Team
--- End Message ---
--- Begin Message ---
We believe that the bug you reported is now fixed; the following
package(s) have been removed from unstable:
ckeditor3 | 3.6.6.1+dfsg-7 | source, all
------------------- Reason -------------------
NVIU; specific to php-horde, EOL'd upstream, unfixed security issues
----------------------------------------------
Note that the package(s) have simply been removed from the tag
database and may (or may not) still be in the pool; this is not a bug.
The package(s) will be physically removed automatically when no suite
references them (and in the case of source, when no binary references
it). Please also remember that the changes have been done on the
master archive and will not propagate to any mirrors until the next
dinstall run at the earliest.
Packages are usually not removed from testing by hand. Testing tracks
unstable and will automatically remove packages which were removed
from unstable when removing them from testing causes no dependency
problems. The release team can force a removal from testing if it is
really needed, please contact them if this should be the case.
We try to close bugs which have been reported against this package
automatically. But please check all old bugs, if they were closed
correctly or should have been re-assigned to another package.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected].
The full log for this bug can be viewed at https://bugs.debian.org/1101984
This message was generated automatically; if you believe that there is
a problem with it please contact the archive administrators by mailing
[email protected].
Debian distribution maintenance software
pp.
Paul Tagliamonte (the ftpmaster behind the curtain)
--- End Message ---
