[Git][security-tracker-team/security-tracker][master] Track some new angular.js issues

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Jun 23 15:32:07 BST 2026



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b328dc8f by Salvatore Bonaccorso at 2026-06-23T16:32:00+02:00
Track some new angular.js issues

The version in Debian is substantially outdated and hard to track which
issue still affects the ancient version. Mark all issues for now
undetermined.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -340,15 +340,30 @@ CVE-2026-54270 (protobufjs compiles protobuf definitions into JavaScript (JS) fu
 CVE-2026-54269 (protobufjs compiles protobuf definitions into JavaScript (JS) function ...)
 	- node-protobufjs <itp> (bug #977564)
 CVE-2026-54268 (Angular is a development platform for building mobile and desktop web  ...)
-	TODO: check
+	- angular.js <undetermined>
+	NOTE: https://github.com/angular/angular/security/advisories/GHSA-48r7-hpm6-gfxm
+	NOTE: https://github.com/angular/angular/pull/69197
+	NOTE: https://github.com/angular/angular/commit/eeb03f4ea310e2e51ba5d53a421ec7b418e186cd
 CVE-2026-54267 (Angular is a development platform for building mobile and desktop web  ...)
-	TODO: check
+	- angular.js <undetermined>
+	NOTE: https://github.com/angular/angular/security/advisories/GHSA-rgjc-h3x7-9mwg
+	NOTE: https://github.com/angular/angular/pull/69064
+	NOTE: https://github.com/angular/angular/commit/6bde84fa8e6a5770b54040fbbc9bf10d5d0386fa
 CVE-2026-54266 (Angular is a development platform for building mobile and desktop web  ...)
-	TODO: check
+	- angular.js <undetermined>
+	NOTE: https://github.com/angular/angular/security/advisories/GHSA-39pv-4j6c-2g6v
+	NOTE: https://github.com/angular/angular/pull/69153
+	NOTE: https://github.com/angular/angular/commit/5f36274da3f961430ae72865159afa02a1dd9133
 CVE-2026-54265 (Angular is a development platform for building mobile and desktop web  ...)
-	TODO: check
+	- angular.js <undetermined>
+	NOTE: https://github.com/angular/angular/security/advisories/GHSA-58w9-8g37-x9v5
+	NOTE: https://github.com/angular/angular/pull/69107
+	NOTE: https://github.com/angular/angular/commit/3c70270c96677c0dd33585f2afe8e187113e5fb4
 CVE-2026-54264 (Angular is a development platform for building mobile and desktop web  ...)
-	TODO: check
+	- angular.js <undetermined>
+	NOTE: https://github.com/angular/angular/security/advisories/GHSA-qxh6-94w6-9r5p
+	NOTE: https://github.com/angular/angular/pull/69029
+	NOTE: https://github.com/angular/angular/commit/47d68dcb26266316647133ab6385e77fc3e5ae08
 CVE-2026-54100 (A flaw was found in the Windows Machine Config Operator (WMCO) for Red ...)
 	NOT-FOR-US: Windows Machine Config Operator (WMCO) for Red Hat OpenShift Container Platform
 CVE-2026-54099 (A flaw was found in the Windows Machine Config Operator (WMCO) for Red ...)
@@ -388,29 +403,47 @@ CVE-2026-53537 (Python-Multipart is a streaming multipart parser for Python. Pri
 	NOTE: https://github.com/Kludex/python-multipart/security/advisories/GHSA-vffw-93wf-4j4q
 	NOTE: Fixed by: https://github.com/Kludex/python-multipart/commit/3506c15ce99cb62faf2d5ceb3c4c1e5800cb843d (0.0.30)
 CVE-2026-52725 (Angular is a development platform for building mobile and desktop web  ...)
-	TODO: check
+	- angular.js <undetermined>
+	NOTE: https://github.com/angular/angular/security/advisories/GHSA-692r-grfm-v8x7
+	NOTE: https://github.com/angular/angular/pull/68686
+	NOTE: https://github.com/angular/angular/pull/68713
 CVE-2026-50557 (Angular is a development platform for building mobile and desktop web  ...)
-	TODO: check
+	- angular.js <undetermined>
+	NOTE: https://github.com/angular/angular/security/advisories/GHSA-f3m7-gqxr-g87x
+	NOTE: https://github.com/angular/angular/pull/68689
+	NOTE: https://github.com/angular/angular/pull/68868
 CVE-2026-50556 (Angular is a development platform for building mobile and desktop web  ...)
-	TODO: check
+	- angular.js <undetermined>
+	NOTE: https://github.com/angular/angular/security/advisories/GHSA-gxx4-3xcv-f8qx
+	NOTE: https://github.com/angular/angular/issues/68903
 CVE-2026-50555 (Angular is a development platform for building mobile and desktop web  ...)
-	TODO: check
+	- angular.js <undetermined>
+	NOTE: https://github.com/angular/angular/security/advisories/GHSA-hqr9-c56f-3x7
 CVE-2026-50269 (AIOHTTP is an asynchronous HTTP client/server framework for asyncio an ...)
 	- python-aiohttp 3.14.0-1
 	NOTE: https://github.com/aio-libs/aiohttp/security/advisories/GHSA-m6qw-4cw2-hm4m
 	NOTE: Fixed by: https://github.com/aio-libs/aiohttp/commit/bf88077ebb14f4c29924b8e8904cba20c55c28b8 (v3.14.0)
 CVE-2026-50184 (Angular is a development platform for building mobile and desktop web  ...)
-	TODO: check
+	- angular.js <undetermined>
+	NOTE: https://github.com/angular/angular/security/advisories/GHSA-95qp-cmmw-mgqv
+	NOTE: https://github.com/angular/angular/pull/68904
 CVE-2026-50178 (The Angular Language Service VS Code Extension provides a rich editing ...)
 	TODO: check
 CVE-2026-50171 (Angular is a development platform for building mobile and desktop web  ...)
-	TODO: check
+	- angular.js <undetermined>
+	NOTE: https://github.com/angular/angular/security/advisories/GHSA-p3vc-36g9-x9gr
 CVE-2026-50170 (Angular is a development platform for building mobile and desktop web  ...)
-	TODO: check
+	- angular.js <undetermined>
+	NOTE: https://github.com/angular/angular/security/advisories/GHSA-q6f4-qqrg-jv6x
+	NOTE: https://github.com/angular/angular/pull/67964
 CVE-2026-50169 (Angular is a development platform for building mobile and desktop web  ...)
-	TODO: check
+	- angular.js <undetermined>
+	NOTE: https://github.com/angular/angular/security/advisories/GHSA-gv2q-mqqv-365m
+	NOTE: https://github.com/angular/angular/pull/67494
 CVE-2026-50168 (Angular is a development platform for building mobile and desktop web  ...)
-	TODO: check
+	- angular.js <undetermined>
+	NOTE: https://github.com/angular/angular/security/advisories/GHSA-xrxm-cp7j-8xf6
+	NOTE: https://github.com/angular/angular/pull/68928
 CVE-2026-50146 (Astro is a web framework. Prior to 6.3.3, when a component uses a clie ...)
 	NOT-FOR-US: Astro
 CVE-2026-49356 (Babel is a compiler for writing next generation JavaScript. Prior to 8 ...)
@@ -420,7 +453,9 @@ CVE-2026-49241 (The Angular Language Service VS Code Extension provides a rich e
 CVE-2026-48712 (protobufjs compiles protobuf definitions into JavaScript (JS) function ...)
 	- node-protobufjs <itp> (bug #977564)
 CVE-2026-46417 (Angular is a development platform for building mobile and desktop web  ...)
-	TODO: check
+	- angular.js <undetermined>
+	NOTE: https://github.com/angular/angular/security/advisories/GHSA-rfh7-fxqc-q52v
+	NOTE: https://github.com/angular/angular/pull/68570
 CVE-2026-44914 (Apache NiFi 1.12.0 through 2.9.0 are missing authorization when replac ...)
 	NOT-FOR-US: Apache software not packaged in Debian
 CVE-2026-44913 (Improper escaping of database table names in the CaptureChangeMySQL Pr ...)
@@ -28868,7 +28903,10 @@ CVE-2026-41491 (Dapr is a portable, event-driven, runtime for building distribut
 CVE-2026-41487 (Langfuse is an open source large language model engineering platform.  ...)
 	NOT-FOR-US: Langfuse
 CVE-2026-41423 (Angular is a development platform for building mobile and desktop web  ...)
-	TODO: check
+	- angular.js <undetermined>
+	NOTE: https://github.com/angular/angular/security/advisories/GHSA-45q2-gjvg-7973
+	NOTE: https://github.com/angular/angular/pull/68194
+	NOTE: https://github.com/angular/angular/commit/ede7c58a2aa13fdccc8f0b67ce93ba1c11749412
 CVE-2026-41308 (Password Pusher is an open source application to communicate sensitive ...)
 	NOT-FOR-US: Password Pusher
 CVE-2026-41161 (Sync-in Server is a secure, open-source platform for file storage, sha ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b328dc8f9c60b2820715cd4738677c1b7bbaf139

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b328dc8f9c60b2820715cd4738677c1b7bbaf139
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260623/f64c718b/attachment.htm>


More information about the debian-security-tracker-commits mailing list