XPost: linux.debian.devel.release
Package: release.debian.org
Severity: normal
X-Debbugs-Cc: [email protected], [email protected]
Control: affects -1 + src:angular.js
User: [email protected]
Usertags: unblock
Please unblock package angular.js
[ Reason ]
Fix 9 CVEs, easy to hit for some. Only one is not closed, but it needs Internet Explorer.
[ Impact ]
CVEs are opened
[ Tests ]
jsdom test autopkgtest
[ Risks ]
Low
[ Checklist ]
[X] all changes are documented in the d/changelog
[X] I reviewed all changes and I approve them
[X] attach debdiff against the package in testing
[ Other info ]
unblock angular.js/1.8.3-3
diff -Nru angular.js-1.8.3/debian/changelog angular.js-1.8.3/debian/changelog --- angular.js-1.8.3/debian/changelog 2023-02-12 07:45:48.000000000 +0100
+++ angular.js-1.8.3/debian/changelog 2025-07-19 23:15:59.000000000 +0200
@@ -1,3 +1,67 @@
+angular.js (1.8.3-3) unstable; urgency=medium
+
+ * Team upload
+ * Multi-Arch foreign
+
+ -- Bastien Roucariès <
[email protected]> Sat, 19 Jul 2025 23:15:59 +0200
+
+angular.js (1.8.3-2) unstable; urgency=medium
+
+ * Team upload
+ * Move to js team umbrella
+ * Fix CVE-2022-25844 (Closes: #1014779)
+ A Regular Expression Denial of Service vulnerability (ReDoS)
+ was found by providing a custom locale rule that makes
+ it possible to assign the parameter in posPre: ' '.repeat()
+ of NUMBER_FORMATS.PATTERNS[1].posPre with a very high value
+ * Fix CVE-2023-26116 (Closes: #1036694)
+ A Regular Expression Denial of Service (ReDoS) was found
+ via the angular.copy() utility function due to the usage
+ of an insecure regular expression.
+ * Fix CVE-2023-26117:
+ A Regular Expression Denial of Se
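Review bot: In the 1.8.3-2 changelog entry, the "Fix CVE-2023-26117:" item carries no "(Closes: #...)" reference, while the CVE-2022-25844 and CVE-2023-26116 items above it do. If a Debian bug is filed for it, add the Closes so the upload closes it; if none exists, that is worth saying so the release team does not go looking. None of the visible CVE items names the file under debian/patches that carries the fix, which makes it slow to match each CVE to its change when reviewing the debdiff; a "d/patches/<name>" reference per item would help. The CVE-2022-25844 description ("makes it possible to assign the parameter in posPre: ' '.repeat() of NUMBER_FORMATS.PATTERNS[1].posPre with a very high value") is hard to parse and could be reworded to say plainly that a very long posPre string in a custom locale triggers the slow regular expression. In the 1.8.3-3 entry, "Multi-Arch foreign" does not name the binary package that received the field.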