[Pkg-javascript-devel] angular.js_1.8.3-2_source.changes ACCEPTED into unstable
Debian FTP Masters
ftpmaster at ftp-master.debian.org
Sat Jul 19 22:04:44 BST 2025
Thank you for your contribution to Debian.
Accepted:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sun, 11 May 2025 23:40:38 +0200
Source: angular.js
Architecture: source
Version: 1.8.3-2
Distribution: unstable
Urgency: medium
Maintainer: Debian Javascript Maintainers <pkg-javascript-devel at lists.alioth.debian.org>
Changed-By: Bastien Roucariès <rouca at debian.org>
Closes: 1014779 1036694 1088804 1088805 1104485
Changes:
angular.js (1.8.3-2) unstable; urgency=medium
.
* Team upload
* Move to js team umbrella
* Fix CVE-2022-25844 (Closes: #1014779)
A Regular Expression Denial of Service vulnerability (ReDoS)
was found by providing a custom locale rule that makes
it possible to assign the parameter in posPre: ' '.repeat()
of NUMBER_FORMATS.PATTERNS[1].posPre with a very high value
* Fix CVE-2023-26116 (Closes: #1036694)
A Regular Expression Denial of Service (ReDoS) was found
via the angular.copy() utility function due to the usage
of an insecure regular expression.
* Fix CVE-2023-26117:
A Regular Expression Denial of Service (ReDoS) was found
via the $resource service due to the usage of an insecure
regular expression.
* Fix CVE-2023-26118:
A Regular Expression Denial of Service (ReDoS) was found
via the <input type="url"> element due to the usage of an
insecure regular expression in the input[url] functionality.
Exploiting this vulnerability is possible by a large
carefully-crafted input, which can result in catastrophic
backtracking.
* Fix CVE-2024-8372: (Closes: #1088804)
Improper sanitization of the value of the 'srcset'
attribute in AngularJS allows attackers to bypass
common image source restrictions, which can also
lead to a form of Content Spoofing
* Fix CVE-2024-8373: (Closes: #1088805)
Improper sanitization of the value of the [srcset]
attribute in <source> HTML elements in AngularJS allows
attackers to bypass common image source restrictions,
which can also lead to a form of Content Spoofing
* Fix CVE-2024-21490:
A regular expression used to split
the value of the ng-srcset directive is vulnerable to
super-linear runtime due to backtracking. With large
carefully-crafted input, this can result in catastrophic
backtracking and cause a denial of service.
* Fix CVE-2025-0716: (Closes: #1104485)
Improper sanitization of the value of the 'href'
and 'xlink:href' attributes in '<image>' SVG elements
in AngularJS allows attackers to bypass common image
source restrictions. This can lead to a form of
Content Spoofing .
* Fix CVE-2025-2336:
An improper sanitization vulnerability has been identified
in ngSanitize module, which allows attackers to bypass
common image source restrictions normally
applied to image elements. This bypass can further lead to a form of
Content Spoofing. Similarly, the application's performance and behavior
could be negatively affected by using too large or slow-to-load images.
Checksums-Sha1:
b596cc179c4b093b1f734a0829351e8d261bc7a2 2072 angular.js_1.8.3-2.dsc
282bf41aa9eac1cab7324c9377da5604b441cff0 25680 angular.js_1.8.3-2.debian.tar.xz
44425eee6f22d8e648f76d32f76ea2a091bda24c 6546 angular.js_1.8.3-2_amd64.buildinfo
Checksums-Sha256:
ea662056e889bef92855d022ce2fa14595c6a5d84ee87ee2980d3a160c7deb52 2072 angular.js_1.8.3-2.dsc
0013d07cdd01644ccae65ee1cd83af487ac941b2d2392ba1ebbbfd451608d748 25680 angular.js_1.8.3-2.debian.tar.xz
071e35446d7162e9e4475d77e931d3be03168bfea15d1626c97d41b16e70dfed 6546 angular.js_1.8.3-2_amd64.buildinfo
Files:
531ba1e75543a8dbfa4793c75f7485f1 2072 javascript optional angular.js_1.8.3-2.dsc
88af6dda306368e567a9759c443b60e4 25680 javascript optional angular.js_1.8.3-2.debian.tar.xz
017798686d54350615f9d308a323fc90 6546 javascript optional angular.js_1.8.3-2_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEXQGHuUCiRbrXsPVqADoaLapBCF8FAmh8BHMACgkQADoaLapB
CF9V5hAApo8LPstec672xQ5U3wm5PFbmsL+P3xFXabpvBhr+Fswwb+HFRgCdDlLQ
Lvizs5olOrNZzThQrfDUhuXtkC+c0zL7dZQIa62UC5ufUzBHrkNDY11CirM8PpHk
B4ZOnvY0iQDVJOb9Jkt6kQ9Kx+P5k69rp4xjwZr1Uqc94LJ3vC3hIjH82UOgD/hr
k+hYsJ0eDu6PSG9oz4JNbzdSO8IHjlh+p69y8S/as1QjImPdNME6H6LgJsiTfyk8
bAWA6TPRoybR6CWBSsrDegtnqMZd9D6oYWCK1ivnx0txefg4aNNBsd2siE743RtH
+Sau1jGKvi1Ba3JmFRyYBVxDb9bfGTqTq7qXagl4wInxDFpyQOtw0WNZ4jucwqcv
6u6W/gJmSY+3vgTRv9M6Fjf/XuGEzv1AaAQzgSaUkgMrdPR+9IvOB49BKd969ZDk
+6Ly1kPGBXAQohOF0jqux+srT9C92amMu8IEiePB9LsKCd5jr7gqaPktKSymVpNA
hIaZ0r+nXr8k2+Bz+4gctSTHBuwx0vKI3Xm5doGhSfj81c6UZ7uAmopYcnr/P5ho
B+uaZsSkHhl/04AmY3T9sy34fkRWtjNXUW8InTRmK9WuuNT5HlxFdSCnMbh+Clc3
aQWe0nPtok/jeyjomKHp8vdC8VhZlPP/O/KOvNatV8RV5jGaI5A=
=ofMw
-----END PGP SIGNATURE-----
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 228 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/pkg-javascript-devel/attachments/20250719/d555e38f/attachment.sig>
More information about the Pkg-javascript-devel
mailing list