[Pkg-javascript-devel] angular.js_1.8.3-2_source.changes ACCEPTED into unstable

Debian FTP Masters ftpmaster at ftp-master.debian.org
Sat Jul 19 22:04:44 BST 2025


Thank you for your contribution to Debian.



Accepted:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sun, 11 May 2025 23:40:38 +0200
Source: angular.js
Architecture: source
Version: 1.8.3-2
Distribution: unstable
Urgency: medium
Maintainer: Debian Javascript Maintainers <pkg-javascript-devel at lists.alioth.debian.org>
Changed-By: Bastien Roucariès <rouca at debian.org>
Closes: 1014779 1036694 1088804 1088805 1104485
Changes:
 angular.js (1.8.3-2) unstable; urgency=medium
 .
   * Team upload
   * Move to js team umbrella
   * Fix CVE-2022-25844 (Closes: #1014779)
     A Regular Expression Denial of Service vulnerability (ReDoS)
     was found by providing a custom locale rule that makes
     it possible to assign the parameter in posPre: ' '.repeat()
     of NUMBER_FORMATS.PATTERNS[1].posPre with a very high value
   * Fix CVE-2023-26116 (Closes: #1036694)
     A Regular Expression Denial of Service (ReDoS) was found
     via the angular.copy() utility function due to the usage
     of an insecure regular expression.
   * Fix CVE-2023-26117:
     A Regular Expression Denial of Service (ReDoS) was found
     via the $resource service due to the usage of an insecure
     regular expression.
   * Fix CVE-2023-26118:
     A Regular Expression Denial of Service (ReDoS) was found
     via the <input type="url"> element due to the usage of an
     insecure regular expression in the input[url] functionality.
     Exploiting this vulnerability is possible by a large
     carefully-crafted input, which can result in catastrophic
     backtracking.
   * Fix CVE-2024-8372: (Closes: #1088804)
     Improper sanitization of the value of the 'srcset'
     attribute in AngularJS allows attackers to bypass
     common image source restrictions, which can also
     lead to a form of Content Spoofing
   * Fix CVE-2024-8373: (Closes: #1088805)
     Improper sanitization of the value of the [srcset]
     attribute in <source> HTML elements in AngularJS allows
     attackers to bypass common image source restrictions,
     which can also lead to a form of Content Spoofing
   * Fix CVE-2024-21490:
     A regular expression used to split
     the value of the ng-srcset directive is vulnerable to
     super-linear runtime due to backtracking. With large
     carefully-crafted input, this can result in catastrophic
     backtracking and cause a denial of service.
   * Fix CVE-2025-0716: (Closes: #1104485)
     Improper sanitization of the value of the 'href'
     and 'xlink:href' attributes in '<image>' SVG elements
     in AngularJS allows attackers to bypass common image
     source restrictions. This can lead to a form of
     Content Spoofing .
   * Fix CVE-2025-2336:
     An improper sanitization vulnerability has been identified
     in ngSanitize module, which allows attackers to bypass
     common image source restrictions normally
     applied to image elements. This bypass can further lead to a form of
     Content Spoofing. Similarly, the application's performance and behavior
     could be negatively affected by using too large or slow-to-load images.
Checksums-Sha1:
 b596cc179c4b093b1f734a0829351e8d261bc7a2 2072 angular.js_1.8.3-2.dsc
 282bf41aa9eac1cab7324c9377da5604b441cff0 25680 angular.js_1.8.3-2.debian.tar.xz
 44425eee6f22d8e648f76d32f76ea2a091bda24c 6546 angular.js_1.8.3-2_amd64.buildinfo
Checksums-Sha256:
 ea662056e889bef92855d022ce2fa14595c6a5d84ee87ee2980d3a160c7deb52 2072 angular.js_1.8.3-2.dsc
 0013d07cdd01644ccae65ee1cd83af487ac941b2d2392ba1ebbbfd451608d748 25680 angular.js_1.8.3-2.debian.tar.xz
 071e35446d7162e9e4475d77e931d3be03168bfea15d1626c97d41b16e70dfed 6546 angular.js_1.8.3-2_amd64.buildinfo
Files:
 531ba1e75543a8dbfa4793c75f7485f1 2072 javascript optional angular.js_1.8.3-2.dsc
 88af6dda306368e567a9759c443b60e4 25680 javascript optional angular.js_1.8.3-2.debian.tar.xz
 017798686d54350615f9d308a323fc90 6546 javascript optional angular.js_1.8.3-2_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEXQGHuUCiRbrXsPVqADoaLapBCF8FAmh8BHMACgkQADoaLapB
CF9V5hAApo8LPstec672xQ5U3wm5PFbmsL+P3xFXabpvBhr+Fswwb+HFRgCdDlLQ
Lvizs5olOrNZzThQrfDUhuXtkC+c0zL7dZQIa62UC5ufUzBHrkNDY11CirM8PpHk
B4ZOnvY0iQDVJOb9Jkt6kQ9Kx+P5k69rp4xjwZr1Uqc94LJ3vC3hIjH82UOgD/hr
k+hYsJ0eDu6PSG9oz4JNbzdSO8IHjlh+p69y8S/as1QjImPdNME6H6LgJsiTfyk8
bAWA6TPRoybR6CWBSsrDegtnqMZd9D6oYWCK1ivnx0txefg4aNNBsd2siE743RtH
+Sau1jGKvi1Ba3JmFRyYBVxDb9bfGTqTq7qXagl4wInxDFpyQOtw0WNZ4jucwqcv
6u6W/gJmSY+3vgTRv9M6Fjf/XuGEzv1AaAQzgSaUkgMrdPR+9IvOB49BKd969ZDk
+6Ly1kPGBXAQohOF0jqux+srT9C92amMu8IEiePB9LsKCd5jr7gqaPktKSymVpNA
hIaZ0r+nXr8k2+Bz+4gctSTHBuwx0vKI3Xm5doGhSfj81c6UZ7uAmopYcnr/P5ho
B+uaZsSkHhl/04AmY3T9sy34fkRWtjNXUW8InTRmK9WuuNT5HlxFdSCnMbh+Clc3
aQWe0nPtok/jeyjomKHp8vdC8VhZlPP/O/KOvNatV8RV5jGaI5A=
=ofMw
-----END PGP SIGNATURE-----

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 228 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/pkg-javascript-devel/attachments/20250719/d555e38f/attachment.sig>


More information about the Pkg-javascript-devel mailing list