[Pkg-javascript-devel] Bug#1141192: angular.js: Do not release ancient Angular.js version with Debian forky
Salvatore Bonaccorso
carnil at debian.org
Wed Jul 1 06:43:45 BST 2026
Source: angular.js
Version: 1.8.3-3
Severity: serious
Justification: not fit for Debian stable release; should not be released with Debian forky
X-Debbugs-Cc: "László Böszörményi (GCS)" <gcs at debian.org>, Bastien ROUCARIÈS <rouca at debian.org>, team at security.debian.org, debian-release at lists.debian.org, carnil at debian.org
Hi
As discussed with László, filling a 'blocking bug' for Debian forky
for src:angular.js to make sure we have a flag raised to (try) not to
release Debian forky with the ancient angular.js version.
While upstream was rewritten, Angular get regularly CVEs, where
determining if the ancient version is affected as well involves
substantial work.
If it becomes unrealistic to get it removed or replaced accordingly we
might re-evaluate towards the forky release (in sync with the release
team obviously).
Upstream support for AngularJS already ended on 7th April, 2022 and
assuming Debian forky to be released in 2027, we already start with a
5 years unsupported still shipped AngularJS version.
Regards,
Salvatore
More information about the Pkg-javascript-devel
mailing list