[Git][security-tracker-team/security-tracker][master] Track fixes for angular.js via unstable

Salvatore Bonaccorso (@carnil) carnil at debian.org
Sun Jul 20 06:31:22 BST 2025



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
61f2592e by Salvatore Bonaccorso at 2025-07-20T07:30:28+02:00
Track fixes for angular.js via unstable

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -14058,7 +14058,7 @@ CVE-2025-31134 (FreshRSS is a self-hosted RSS feed aggregator. Prior to version
 CVE-2025-30415 (Denial of service due to improper handling of malformed input. The fol ...)
 	NOT-FOR-US: Acronis
 CVE-2025-2336 (Improper sanitization of the value of the 'href' and 'xlink:href' attr ...)
-	- angular.js <unfixed> (bug #1107519)
+	- angular.js 1.8.3-2 (bug #1107519)
 	[bookworm] - angular.js <postponed> (Minor issue, revisit when fixed upstream)
 	NOTE: https://www.herodevs.com/vulnerability-directory/cve-2025-2336
 	NOTE: PoC: https://codepen.io/herodevs/pen/bNGYaXx/412a3a4218387479898912f60c269c6c
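Review bot: the retained [bookworm] line under CVE-2025-2336 still gives "revisit when fixed upstream" as its reason, while the fix is now recorded at 1.8.3-2, whose version string suggests a Debian revision rather than a new upstream release. If the fix is a packaging-side patch, that condition may never be met as worded; consider rewording the reason or revisiting the bookworm decision now that a fixed version is tracked.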
@@ -25575,7 +25575,7 @@ CVE-2025-1551 (IBM Operational Decision Manager 8.11.0.1, 8.11.1.0, 8.12.0.1, an
 CVE-2025-1194 (A Regular Expression Denial of Service (ReDoS) vulnerability was ident ...)
 	NOT-FOR-US: huggingface/transformers
 CVE-2025-0716 (Improper sanitization of the value of the 'href' and 'xlink:href' attr ...)
-	- angular.js <unfixed> (bug #1104485)
+	- angular.js 1.8.3-2 (bug #1104485)
 	[bookworm] - angular.js <postponed> (Minor issue, revisit when fixed upstream)
 	NOTE: https://www.herodevs.com/vulnerability-directory/cve-2025-0716
 	NOTE: PoC: https://codepen.io/herodevs/pen/qEWQmpd/a86a0d29310e12c7a3756768e6c7b915
@@ -96044,14 +96044,12 @@ CVE-2024-8604 (A vulnerability classified as problematic has been found in Sourc
 CVE-2024-8601 (This vulnerability exists in TechExcel Back Office Software versions p ...)
 	NOT-FOR-US: TechExcel Back Office Software
 CVE-2024-8373 (Improper sanitization of the value of the [srcset] attribute in <sourc ...)
-	- angular.js <unfixed> (bug #1088805)
-	[trixie] - angular.js <postponed> (Minor issue, revisit when fixed upstream)
+	- angular.js 1.8.3-2 (bug #1088805)
 	[bookworm] - angular.js <postponed> (Minor issue, revisit when fixed upstream)
 	NOTE: https://www.herodevs.com/vulnerability-directory/cve-2024-8373
 	NOTE: PoC: https://codepen.io/herodevs/full/bGPQgMp/8da9ce87e99403ee13a295c305ebfa0b
 CVE-2024-8372 (Improper sanitization of the value of the 'srcset' attribute in Angula ...)
-	- angular.js <unfixed> (bug #1088804)
-	[trixie] - angular.js <postponed> (Minor issue, revisit when fixed upstream)
+	- angular.js 1.8.3-2 (bug #1088804)
 	[bookworm] - angular.js <postponed> (Minor issue, revisit when fixed upstream)
 	NOTE: https://www.herodevs.com/vulnerability-directory/cve-2024-8372
 	NOTE: PoC: https://codepen.io/herodevs/full/xxoQRNL/0072e627abe03e9cda373bc75b4c1017
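Review bot: removing the [trixie] <postponed> lines for CVE-2024-8373 and CVE-2024-8372 leaves trixie's status dependent on 1.8.3-2 actually reaching that suite, and the commit message only mentions unstable. Suggest saying in the commit message that the upload is expected to migrate to trixie, or keeping the [trixie] annotations until it has.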
@@ -157961,8 +157959,7 @@ CVE-2024-23322 (Envoy is a high-performance edge/middle/service proxy. Envoy wil
 CVE-2024-21624 (nonebot2 is a cross-platform Python asynchronous chatbot framework wri ...)
 	NOT-FOR-US: nonebot2
 CVE-2024-21490 (This affects versions of the package angular from 1.3.0. A regular exp ...)
-	- angular.js <unfixed> (bug #1088803)
-	[trixie] - angular.js <postponed> (Minor issue, revisit when fixed upstream)
+	- angular.js 1.8.3-2 (bug #1088803)
 	[bookworm] - angular.js <postponed> (Minor issue, revisit when fixed upstream)
 	[buster] - angular.js <postponed> (Fix along with the next DLA)
 	NOTE: https://security.snyk.io/vuln/SNYK-JS-ANGULAR-6091113
@@ -217325,22 +217322,19 @@ CVE-2023-26120 (This affects all versions of the package com.xuxueli:xxl-job. HT
 CVE-2023-26119 (Versions of the package net.sourceforge.htmlunit:htmlunit from 0 and b ...)
 	NOT-FOR-US: net.sourceforge.htmlunit:htmlunit
 CVE-2023-26118 (Versions of the package angular from 1.4.9 are vulnerable to Regular E ...)
-	- angular.js <unfixed> (bug #1036694)
-	[trixie] - angular.js <postponed> (Minor issue, revisit when fixed upstream)
+	- angular.js 1.8.3-2 (bug #1036694)
 	[bookworm] - angular.js <postponed> (Minor issue, revisit when fixed upstream)
 	[buster] - angular.js <no-dsa> (Minor issue)
 	NOTE: https://security.snyk.io/vuln/SNYK-JS-ANGULAR-3373046
 	NOTE: PoC: https://stackblitz.com/edit/angularjs-vulnerability-inpur-url-validation-redos
 CVE-2023-26117 (Versions of the package angular from 1.0.0 are vulnerable to Regular E ...)
-	- angular.js <unfixed> (bug #1036694)
-	[trixie] - angular.js <postponed> (Minor issue, revisit when fixed upstream)
+	- angular.js 1.8.3-2 (bug #1036694)
 	[bookworm] - angular.js <postponed> (Minor issue, revisit when fixed upstream)
 	[buster] - angular.js <no-dsa> (Minor issue)
 	NOTE: https://security.snyk.io/vuln/SNYK-JS-ANGULAR-3373045
 	NOTE: PoC: https://stackblitz.com/edit/angularjs-vulnerability-resource-trailing-slashes-redos
 CVE-2023-26116 (Versions of the package angular from 1.2.21 are vulnerable to Regular  ...)
-	- angular.js <unfixed> (bug #1036694)
-	[trixie] - angular.js <postponed> (Minor issue, revisit when fixed upstream)
+	- angular.js 1.8.3-2 (bug #1036694)
 	[bookworm] - angular.js <postponed> (Minor issue, revisit when fixed upstream)
 	[buster] - angular.js <no-dsa> (Minor issue)
 	NOTE: https://security.snyk.io/vuln/SNYK-JS-ANGULAR-3373044
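Review bot: CVE-2023-26118, CVE-2023-26117 and CVE-2023-26116 all point at bug #1036694 and are all marked fixed in 1.8.3-2, but they carry separate advisories (SNYK-JS-ANGULAR-3373046, -3373045, -3373044). Worth confirming that the 1.8.3-2 upload addresses each of the three individually rather than inferring it from the shared bug number, and adding a NOTE with the fixing patch per CVE if available.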
@@ -297769,8 +297763,7 @@ CVE-2022-25846
 CVE-2022-25845 (The package com.alibaba:fastjson before 1.2.83 are vulnerable to Deser ...)
 	NOT-FOR-US: com.alibaba:fastjson
 CVE-2022-25844 (The package angular after 1.7.0 are vulnerable to Regular Expression D ...)
-	- angular.js <unfixed> (bug #1014779)
-	[trixie] - angular.js <postponed> (Minor issue, revisit when fixed upstream)
+	- angular.js 1.8.3-2 (bug #1014779)
 	[bookworm] - angular.js <postponed> (Minor issue, revisit when fixed upstream)
 	[buster] - angular.js <not-affected> (vulnerable code not present)
 	[stretch] - angular.js <not-affected> (vulnerable code not present)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/61f2592e9cfe8bddfbd2f1859b9df0766c028846
