Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
61f2592e by Salvatore Bonaccorso at 2025-07-20T07:30:28+02:00
Track fixes for angular.js via unstable

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -14058,7 +14058,7 @@ CVE-2025-31134 (FreshRSS is a self-hosted RSS feed 
aggregator. Prior to version
 CVE-2025-30415 (Denial of service due to improper handling of malformed input. 
The fol ...)
        NOT-FOR-US: Acronis
 CVE-2025-2336 (Improper sanitization of the value of the 'href' and 
'xlink:href' attr ...)
-       - angular.js <unfixed> (bug #1107519)
+       - angular.js 1.8.3-2 (bug #1107519)
        [bookworm] - angular.js <postponed> (Minor issue, revisit when fixed 
upstream)
        NOTE: https://www.herodevs.com/vulnerability-directory/cve-2025-2336
        NOTE: PoC: 
https://codepen.io/herodevs/pen/bNGYaXx/412a3a4218387479898912f60c269c6c
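Review bot: On the CVE-2025-2336 entry, the `[bookworm]` line still reads `<postponed> (Minor issue, revisit when fixed upstream)` while the unstable line now records 1.8.3-2 as fixed. If the condition in that reason is now met, the bookworm triage should be revisited or the reason reworded, so the entry does not read as still waiting on a fix.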
@@ -25575,7 +25575,7 @@ CVE-2025-1551 (IBM Operational Decision Manager 
8.11.0.1, 8.11.1.0, 8.12.0.1, an
 CVE-2025-1194 (A Regular Expression Denial of Service (ReDoS) vulnerability 
was ident ...)
        NOT-FOR-US: huggingface/transformers
 CVE-2025-0716 (Improper sanitization of the value of the 'href' and 
'xlink:href' attr ...)
-       - angular.js <unfixed> (bug #1104485)
+       - angular.js 1.8.3-2 (bug #1104485)
        [bookworm] - angular.js <postponed> (Minor issue, revisit when fixed 
upstream)
        NOTE: https://www.herodevs.com/vulnerability-directory/cve-2025-0716
        NOTE: PoC: 
https://codepen.io/herodevs/pen/qEWQmpd/a86a0d29310e12c7a3756768e6c7b915
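Review bot: The CVE-2025-0716 entry now names 1.8.3-2 as the fixed version, but the NOTE lines visible in this hunk reference only the advisory and the PoC. A NOTE pointing at the patch or commit that 1.8.3-2 carries would let anyone evaluating the postponed bookworm entry find the change to backport.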
@@ -96044,14 +96044,12 @@ CVE-2024-8604 (A vulnerability classified as 
problematic has been found in Sourc
 CVE-2024-8601 (This vulnerability exists in TechExcel Back Office Software 
versions p ...)
        NOT-FOR-US: TechExcel Back Office Software
 CVE-2024-8373 (Improper sanitization of the value of the [srcset] attribute in 
<sourc ...)
-       - angular.js <unfixed> (bug #1088805)
-       [trixie] - angular.js <postponed> (Minor issue, revisit when fixed 
upstream)
+       - angular.js 1.8.3-2 (bug #1088805)
        [bookworm] - angular.js <postponed> (Minor issue, revisit when fixed 
upstream)
        NOTE: https://www.herodevs.com/vulnerability-directory/cve-2024-8373
        NOTE: PoC: 
https://codepen.io/herodevs/full/bGPQgMp/8da9ce87e99403ee13a295c305ebfa0b
 CVE-2024-8372 (Improper sanitization of the value of the 'srcset' attribute in 
Angula ...)
-       - angular.js <unfixed> (bug #1088804)
-       [trixie] - angular.js <postponed> (Minor issue, revisit when fixed 
upstream)
+       - angular.js 1.8.3-2 (bug #1088804)
        [bookworm] - angular.js <postponed> (Minor issue, revisit when fixed 
upstream)
        NOTE: https://www.herodevs.com/vulnerability-directory/cve-2024-8372
        NOTE: PoC: 
https://codepen.io/herodevs/full/xxoQRNL/0072e627abe03e9cda373bc75b4c1017
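Review bot: For CVE-2024-8373 and CVE-2024-8372 the `[trixie] - angular.js <postponed>` lines are dropped in the same change that sets 1.8.3-2, so trixie's status is now derived from the unstable fixed version. It is worth confirming that 1.8.3-2 is the version in trixie or will migrate there; otherwise trixie shows as vulnerable with its previous triage reason gone, and the commit message mentions only unstable.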
@@ -157961,8 +157959,7 @@ CVE-2024-23322 (Envoy is a high-performance 
edge/middle/service proxy. Envoy wil
 CVE-2024-21624 (nonebot2 is a cross-platform Python asynchronous chatbot 
framework wri ...)
        NOT-FOR-US: nonebot2
 CVE-2024-21490 (This affects versions of the package angular from 1.3.0. A 
regular exp ...)
-       - angular.js <unfixed> (bug #1088803)
-       [trixie] - angular.js <postponed> (Minor issue, revisit when fixed 
upstream)
+       - angular.js 1.8.3-2 (bug #1088803)
        [bookworm] - angular.js <postponed> (Minor issue, revisit when fixed 
upstream)
        [buster] - angular.js <postponed> (Fix along with the next DLA)
        NOTE: https://security.snyk.io/vuln/SNYK-JS-ANGULAR-6091113
@@ -217325,22 +217322,19 @@ CVE-2023-26120 (This affects all versions of the 
package com.xuxueli:xxl-job. HT
 CVE-2023-26119 (Versions of the package net.sourceforge.htmlunit:htmlunit from 
0 and b ...)
        NOT-FOR-US: net.sourceforge.htmlunit:htmlunit
 CVE-2023-26118 (Versions of the package angular from 1.4.9 are vulnerable to 
Regular E ...)
-       - angular.js <unfixed> (bug #1036694)
-       [trixie] - angular.js <postponed> (Minor issue, revisit when fixed 
upstream)
+       - angular.js 1.8.3-2 (bug #1036694)
        [bookworm] - angular.js <postponed> (Minor issue, revisit when fixed 
upstream)
        [buster] - angular.js <no-dsa> (Minor issue)
        NOTE: https://security.snyk.io/vuln/SNYK-JS-ANGULAR-3373046
        NOTE: PoC: 
https://stackblitz.com/edit/angularjs-vulnerability-inpur-url-validation-redos
 CVE-2023-26117 (Versions of the package angular from 1.0.0 are vulnerable to 
Regular E ...)
-       - angular.js <unfixed> (bug #1036694)
-       [trixie] - angular.js <postponed> (Minor issue, revisit when fixed 
upstream)
+       - angular.js 1.8.3-2 (bug #1036694)
        [bookworm] - angular.js <postponed> (Minor issue, revisit when fixed 
upstream)
        [buster] - angular.js <no-dsa> (Minor issue)
        NOTE: https://security.snyk.io/vuln/SNYK-JS-ANGULAR-3373045
        NOTE: PoC: 
https://stackblitz.com/edit/angularjs-vulnerability-resource-trailing-slashes-redos
 CVE-2023-26116 (Versions of the package angular from 1.2.21 are vulnerable to 
Regular  ...)
-       - angular.js <unfixed> (bug #1036694)
-       [trixie] - angular.js <postponed> (Minor issue, revisit when fixed 
upstream)
+       - angular.js 1.8.3-2 (bug #1036694)
        [bookworm] - angular.js <postponed> (Minor issue, revisit when fixed 
upstream)
        [buster] - angular.js <no-dsa> (Minor issue)
        NOTE: https://security.snyk.io/vuln/SNYK-JS-ANGULAR-3373044
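Review bot: CVE-2023-26118, CVE-2023-26117 and CVE-2023-26116 all reference bug #1036694 and all move to 1.8.3-2, yet the PoC links in this hunk point at different code paths (input URL validation, resource trailing slashes). Please confirm that 1.8.3-2 addresses each of the three regular expressions individually rather than inferring it from the shared bug number, and consider a NOTE per entry naming the relevant fix.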
@@ -297769,8 +297763,7 @@ CVE-2022-25846
 CVE-2022-25845 (The package com.alibaba:fastjson before 1.2.83 are vulnerable 
to Deser ...)
        NOT-FOR-US: com.alibaba:fastjson
 CVE-2022-25844 (The package angular after 1.7.0 are vulnerable to Regular 
Expression D ...)
-       - angular.js <unfixed> (bug #1014779)
-       [trixie] - angular.js <postponed> (Minor issue, revisit when fixed 
upstream)
+       - angular.js 1.8.3-2 (bug #1014779)
        [bookworm] - angular.js <postponed> (Minor issue, revisit when fixed 
upstream)
        [buster] - angular.js <not-affected> (vulnerable code not present)
        [stretch] - angular.js <not-affected> (vulnerable code not present)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/61f2592e9cfe8bddfbd2f1859b9df0766c028846
