• Accepted angular.js 1.8.3-2 (source) into unstable

    From Debian FTP Masters@21:1/5 to All on Sat Jul 19 23:10:01 2025

    Format: 1.8
    Date: Sun, 11 May 2025 23:40:38 +0200
    Source: angular.js
    Architecture: source
    Version: 1.8.3-2
    Distribution: unstable
    Urgency: medium
    Maintainer: Debian Javascript Maintainers <[email protected]>
    Changed-By: Bastien Roucariès <[email protected]>
    Closes: 1014779 1036694 1088804 1088805 1104485
    Changes:
     angular.js (1.8.3-2) unstable; urgency=medium
     .
       * Team upload
       * Move to js team umbrella
       * Fix CVE-2022-25844 (Closes: #1014779)
         A Regular Expression Denial of Service vulnerability (ReDoS)
         was found by providing a custom locale rule that makes
         it possible to assign the parameter in posPre: ' '.repeat()
         of NUMBER_FORMATS.PATTERNS[1].posPre with a very high value
       * Fix CVE-2023-26116 (Closes: #1036694)
         A Regular Expression Denial of Service (ReDoS) was found
         via the angular.copy() utility function due to the usage
         of an insecure regular expression.
       * Fix CVE-2023-26117:
         A Regular Expression Denial of Service (ReDoS) was found
         via the $resource service due to the usage of an insecure
         regular expression.
       * Fix CVE-2023-26118:
         A Regular Expression Denial of Service (ReDoS) was found
         via the <input type="url"> element due to the usage of an
         insecure regular expression in the input[url] functionality.
         Exploiting this vulnerability is possible by a large
         carefully-crafted input, which can result in catastrophic
         backtracking.
       * Fix CVE-2024-8372: (Closes: #1088804)
         Improper sanitization of the value of the 'srcset'
         attribute in AngularJS allows attackers to bypass
         common image source restrictions, which can also
         lead to a form of Content Spoofing
       * Fix CVE-2024-8373: (Closes: #1088805)
         Improper sanitization of the value of the [srcset]
         attribute in <source> HTML elements in AngularJS allows
         attackers to bypass common image source restrictions,
         which can also lead to a form of Content Spoofing
       * Fix CVE-2024-21490:
         A regular expression used to split
         the value of the ng-srcset directive is vulnerable to
         super-linear runtime due to backtracking. With large
         carefully-crafted input, this can result in catastrophic
         backtracking and cause a denial of service.
       * Fix CVE-2025-0716: (Closes: #1104485)
         Improper sanitization of the value of the 'href'
         and 'xlink:href' attributes in '<image>' SVG elements
         in AngularJS allows attackers to bypass common image
         source restrictions. This can lead to a form of
         Content Spoofing.
       * Fix CVE-2025-2336:
         An improper sanitization vulnerability has been identified
         in ngSanitize module, which allows attackers to bypass
         common image source restrictions normally
         applied to image elements. This bypass can further lead to a form of
         Content Spoofing. Similarly, the application's performance and behavior
         could be negatively affected by using too large or slow-to-load images.
    Checksums-Sha1:
    b596cc179c4b093b1f734a0829351e8d261bc7a2 2072 angular.js_1.8.3-2.dsc
    282bf41aa9eac1cab7324c9377da5604b441cff0 25680 angular.js_1.8.3-2.debian.tar.xz
    44425eee6f22d8e648f76d32f76ea2a091bda24c 6546 angular.js_1.8.3-2_amd64.buildinfo
    Checksums-Sha256:
    ea662056e889bef92855d022ce2fa14595c6a5d84ee87ee2980d3a160c7deb52 2072 angular.js_1.8.3-2.dsc
    0013d07cdd01644ccae65ee1cd83af487ac941b2d2392ba1ebbbfd451608d748 25680 angular.js_1.8.3-2.debian.tar.xz
    071e35446d7162e9e4475d77e931d3be03168bfea15d1626c97d41b16e70dfed 6546 angular.js_1.8.3-2_amd64.buildinfo
    Files:
    531ba1e75543a8dbfa4793c75f7485f1 2072 javascript optional angular.js_1.8.3-2.dsc
    88af6dda306368e567a9759c443b60e4 25680 javascript optional angular.js_1.8.3-2.debian.tar.xz
    017798686d54350615f9d308a323fc90 6546 javascript optional angular.js_1.8.3-2_amd64.buildinfo


    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)