Thank you for your contribution to Debian.


Accepted:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sun, 11 May 2025 23:40:38 +0200
Source: angular.js
Architecture: source
Version: 1.8.3-1+deb12u1
Distribution: bookworm
Urgency: medium
Maintainer: Debian Javascript Maintainers <[email protected]>
Changed-By: Bastien Roucariès <[email protected]>
Closes: 1014779 1036694 1088804 1088805 1104485
Changes:
 angular.js (1.8.3-1+deb12u1) bookworm; urgency=medium
 .
   * Team upload
   * Move to js team umbrella
   * Fix CVE-2022-25844 (Closes: #1014779)
     A Regular Expression Denial of Service vulnerability (ReDoS)
     was found by providing a custom locale rule that makes
     it possible to assign the parameter in posPre: ' '.repeat()
     of NUMBER_FORMATS.PATTERNS[1].posPre with a very high value
   * Fix CVE-2023-26116 (Closes: #1036694)
     A Regular Expression Denial of Service (ReDoS) was found
     via the angular.copy() utility function due to the usage
     of an insecure regular expression.
   * Fix CVE-2023-26117:
     A Regular Expression Denial of Service (ReDoS) was found
     via the $resource service due to the usage of an insecure
     regular expression.
   * Fix CVE-2023-26118:
     A Regular Expression Denial of Service (ReDoS) was found
     via the <input type="url"> element due to the usage of an
     insecure regular expression in the input[url] functionality.
     Exploiting this vulnerability is possible by a large
     carefully-crafted input, which can result in catastrophic
     backtracking.
   * Fix CVE-2024-8372: (Closes: #1088804)
     Improper sanitization of the value of the 'srcset'
     attribute in AngularJS allows attackers to bypass
     common image source restrictions, which can also
     lead to a form of Content Spoofing
   * Fix CVE-2024-8373: (Closes: #1088805)
     Improper sanitization of the value of the [srcset]
     attribute in <source> HTML elements in AngularJS allows
     attackers to bypass common image source restrictions,
     which can also lead to a form of Content Spoofing
   * Fix CVE-2024-21490:
     A regular expression used to split
     the value of the ng-srcset directive is vulnerable to
     super-linear runtime due to backtracking. With large
     carefully-crafted input, this can result in catastrophic
     backtracking and cause a denial of service.
   * Fix CVE-2025-0716: (Closes: #1104485)
     Improper sanitization of the value of the 'href'
     and 'xlink:href' attributes in '<image>' SVG elements
     in AngularJS allows attackers to bypass common image
     source restrictions. This can lead to a form of
     Content Spoofing.
   * Fix CVE-2025-2336:
     An improper sanitization vulnerability has been identified
     in ngSanitize module, which allows attackers to bypass
     common image source restrictions normally
     applied to image elements. This bypass can further lead to a form of
     Content Spoofing. Similarly, the application's performance and behavior
     could be negatively affected by using too large or slow-to-load images.

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----

-- 
Pkg-javascript-devel mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-javascript-devel
