[Git][security-tracker-team/security-tracker][master] Triage embed angular.js issue

@rouca Tue, 06 May 2025 13:22:46 -0700


Bastien Roucariès pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
8ec06d85 by Bastien Roucariès at 2025-05-06T22:05:13+02:00
Triage embed angular.js issue

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -72917,7 +72917,13 @@ CVE-2024-8373 (Improper sanitization of the value of 
the [srcset] attribute in <
        [bookworm] - angular.js <postponed> (Minor issue, revisit when fixed 
upstream)
        [bullseye] - angular.js <postponed> (Minor issue)
        - civicrm <unfixed>
+       [trixie] - civicrm <postponed> (Minor issue)
+       [bookworm] - civicrm <postponed> (Minor issue)
+       [bullseye] - civicrm <postponed> (Minor issue)
        - openshot-qt <unfixed>
+       [trixie] - openshot-qt <postponed> (Minor issue)
+       [bookworm] - openshot-qt <postponed> (Minor issue)
+       [bullseye] - openshot-qt <postponed> (Minor issue)
        NOTE: 
https://codepen.io/herodevs/full/bGPQgMp/8da9ce87e99403ee13a295c305ebfa0b
 CVE-2024-8372 (Improper sanitization of the value of the 'srcset' attribute in 
Angula ...)
        - angular.js <unfixed> (bug #1088804)
@@ -72925,7 +72931,13 @@ CVE-2024-8372 (Improper sanitization of the value of 
the 'srcset' attribute in A
        [bookworm] - angular.js <postponed> (Minor issue, revisit when fixed 
upstream)
        [bullseye] - angular.js <postponed> (Minor issue)
        - civicrm <unfixed>
+       [trixie] - civicrm <postponed> (Minor issue)
+       [bookworm] - civicrm <postponed> (Minor issue)
+       [bullseye] - civicrm <postponed> (Minor issue)
        - openshot-qt <unfixed>
+       [trixie] - openshot-qt <postponed> (Minor issue)
+       [bookworm] - openshot-qt <postponed> (Minor issue)
+       [bullseye] - openshot-qt <postponed> (Minor issue)
        NOTE: 
https://codepen.io/herodevs/full/xxoQRNL/0072e627abe03e9cda373bc75b4c1017
 CVE-2024-8042 (Rapid7 Insight Platform versions between November 2019 and 
August 14,  ...)
        NOT-FOR-US: Rapid7 Insight Platform
@@ -134750,7 +134762,13 @@ CVE-2024-21490 (This affects versions of the package 
angular from 1.3.0. A regul
        [bullseye] - angular.js <no-dsa> (Minor issue)
        [buster] - angular.js <postponed> (Fix along with the next DLA)
        - civicrm <unfixed>
+       [trixie] - civicrm <postponed> (Minor issue)
+       [bookworm] - civicrm <postponed> (Minor issue)
+       [bullseye] - civicrm <postponed> (Minor issue)
        - openshot-qt <unfixed>
+       [trixie] - openshot-qt <postponed> (Minor issue)
+       [bookworm] - openshot-qt <postponed> (Minor issue)
+       [bullseye] - openshot-qt <postponed> (Minor issue)
        NOTE: https://security.snyk.io/vuln/SNYK-JS-ANGULAR-6091113
 CVE-2024-1406 (A vulnerability was found in Linksys WRT54GL 4.30.18. It has 
been decl ...)
        NOT-FOR-US: Linksys
@@ -194088,7 +194106,13 @@ CVE-2023-26118 (Versions of the package angular from 
1.4.9 are vulnerable to Reg
        [bullseye] - angular.js <no-dsa> (Minor issue)
        [buster] - angular.js <no-dsa> (Minor issue)
        - civicrm <unfixed>
+       [trixie] - civicrm <postponed> (Minor issue)
+       [bookworm] - civicrm <postponed> (Minor issue)
+       [bullseye] - civicrm <postponed> (Minor issue)
        - openshot-qt <unfixed>
+       [trixie] - openshot-qt <postponed> (Minor issue)
+       [bookworm] - openshot-qt <postponed> (Minor issue)
+       [bullseye] - openshot-qt <postponed> (Minor issue)
        NOTE: https://security.snyk.io/vuln/SNYK-JS-ANGULAR-3373046
 CVE-2023-26117 (Versions of the package angular from 1.0.0 are vulnerable to 
Regular E ...)
        - angular.js <unfixed> (bug #1036694)
@@ -194097,7 +194121,13 @@ CVE-2023-26117 (Versions of the package angular from 
1.0.0 are vulnerable to Reg
        [bullseye] - angular.js <no-dsa> (Minor issue)
        [buster] - angular.js <no-dsa> (Minor issue)
        - civicrm <unfixed>
+       [trixie] - civicrm <postponed> (Minor issue)
+       [bookworm] - civicrm <postponed> (Minor issue)
+       [bullseye] - civicrm <postponed> (Minor issue)
        - openshot-qt <unfixed>
+       [trixie] - openshot-qt <postponed> (Minor issue)
+       [bookworm] - openshot-qt <postponed> (Minor issue)
+       [bullseye] - openshot-qt <postponed> (Minor issue)
        NOTE: https://security.snyk.io/vuln/SNYK-JS-ANGULAR-3373045
 CVE-2023-26116 (Versions of the package angular from 1.2.21 are vulnerable to 
Regular  ...)
        - angular.js <unfixed> (bug #1036694)
@@ -194106,7 +194136,13 @@ CVE-2023-26116 (Versions of the package angular from 
1.2.21 are vulnerable to Re
        [bullseye] - angular.js <no-dsa> (Minor issue)
        [buster] - angular.js <no-dsa> (Minor issue)
        - civicrm <unfixed>
+       [trixie] - civicrm <postponed> (Minor issue)
+       [bookworm] - civicrm <postponed> (Minor issue)
+       [bullseye] - civicrm <postponed> (Minor issue)
        - openshot-qt <unfixed>
+       [trixie] - openshot-qt <postponed> (Minor issue)
+       [bookworm] - openshot-qt <postponed> (Minor issue)
+       [bullseye] - openshot-qt <postponed> (Minor issue)
        NOTE: https://security.snyk.io/vuln/SNYK-JS-ANGULAR-3373044
 CVE-2023-26115 (All versions of the package word-wrap are vulnerable to 
Regular Expres ...)
        NOT-FOR-US: Node.js word-wrap module
@@ -274466,7 +274502,13 @@ CVE-2022-25869 (All versions of package angular are 
vulnerable to Cross-site Scr
        [bullseye] - angular.js <no-dsa> (Minor issue)
        [buster] - angular.js <no-dsa> (Minor issue)
        - civicrm <unfixed>
+       [trixie] - civicrm <postponed> (Minor issue)
+       [bookworm] - civicrm <postponed> (Minor issue)
+       [bullseye] - civicrm <postponed> (Minor issue)
        - openshot-qt <unfixed>
+       [trixie] - openshot-qt <postponed> (Minor issue)
+       [bookworm] - openshot-qt <postponed> (Minor issue)
+       [bullseye] - openshot-qt <postponed> (Minor issue)
        NOTE: https://security.snyk.io/vuln/SNYK-JS-ANGULAR-2949781
 CVE-2022-25867 (The package io.socket:socket.io-client before 2.0.1 are 
vulnerable to  ...)
        NOT-FOR-US: socket.io-client-java
@@ -274529,7 +274571,13 @@ CVE-2022-25844 (The package angular after 1.7.0 are 
vulnerable to Regular Expres
        [buster] - angular.js <no-dsa> (Minor issue, probably even not-affected)
        [stretch] - angular.js <ignored> (Nodejs in stretch not covered by 
security support)
        - civicrm <unfixed>
+       [trixie] - civicrm <postponed> (Minor issue)
+       [bookworm] - civicrm <postponed> (Minor issue)
+       [bullseye] - civicrm <postponed> (Minor issue)
        - openshot-qt <unfixed>
+       [trixie] - openshot-qt <postponed> (Minor issue)
+       [bookworm] - openshot-qt <postponed> (Minor issue)
+       [bullseye] - openshot-qt <postponed> (Minor issue)
        NOTE: https://snyk.io/vuln/SNYK-JS-ANGULAR-2772735
 CVE-2022-25843
        RESERVED
@@ -422467,7 +422515,10 @@ CVE-2020-7676 (angular.js prior to 1.8.0 allows 
cross site scripting. The regex-
        [buster] - angular.js <no-dsa> (Minor issue; can be fixed via point 
release)
        [stretch] - angular.js <ignored> (Nodejs in stretch not covered by 
security support)
        [jessie] - angular.js <no-dsa> (Minor issue, low usage of 2014-era 
Nodejs)
-       - openshot-qt <unfixed>
+       - openshot-qt
+       [trixie] - openshot-qt <postponed> (Minor issue)
+       [bookworm] - openshot-qt <postponed> (Minor issue)
+       [bullseye] - openshot-qt <postponed> (Minor issue)
        NOTE: https://github.com/angular/angular.js/pull/17028
        NOTE: https://snyk.io/vuln/SNYK-JS-ANGULAR-570058
 CVE-2020-7675 (cd-messenger through 2.7.26 is vulnerable to Arbitrary Code 
Execution. ...)
@@ -468820,7 +468871,13 @@ CVE-2019-10768 (In AngularJS before 1.7.9 the 
function `merge()` could be tricke
        [stretch] - angular.js <ignored> (Nodejs in stretch not covered by 
security support)
        [jessie] - angular.js <not-affected> (vulnerable code is not present, 
deep merging introduced later)
        - civicrm <unfixed>
-       - openshot-qt <unfixed>
+       [trixie] - civicrm <postponed> (Minor issue)
+       [bookworm] - civicrm <postponed> (Minor issue)
+       [bullseye] - civicrm <postponed> (Minor issue)
+       - openshot-qt
+       [trixie] - openshot-qt <postponed> (Minor issue)
+       [bookworm] - openshot-qt <postponed> (Minor issue)
+       [bullseye] - openshot-qt <postponed> (Minor issue)
        NOTE: 
https://github.com/angular/angular.js/commit/add78e62004e80bb1e16ab2dfe224afa8e513bc3
        NOTE: https://snyk.io/vuln/SNYK-JS-ANGULAR-534884
 CVE-2019-10767 (An attacker can include file contents from outside the 
`/adapter/xxx/` ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8ec06d851d8953bbcec2936900496f8d42cb3a65

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8ec06d851d8953bbcec2936900496f8d42cb3a65
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] Triage embed angular.js issue

Reply via email to