The 4.4.3 release of ckeditor fixes a cross-site scripting (XSS) flaw in ckeditor: http://ckeditor.com/release/CKEditor-4.4.3 This may be the fix: https://github.com/ckeditor/ckeditor-dev/commit/fd4f17ce11eb398e844c9056c0e25087492a122b The ckeditor and drupal7-ckeditor packages in Fedora and EPEL do not have this plug-in. The python-django-ckeditor packages look like they may be affected.
Created python-django-ckeditor tracking bugs for this issue: Affects: fedora-all [bug 1139488] Affects: epel-6 [bug 1139489]
Tried to request if this tracking bug can be closed since all dependent bugs have been closed, but received the following Bugzilla error: > You can't ask Murray McAllister <mmcallis> because that account is disabled. So, closing this bug.