-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sun, 11 May 2025 23:40:38 +0200
Source: angular.js
Architecture: source
Version: 1.8.3-1+deb12u1
Distribution: bookworm
Urgency: medium
Maintainer: Debian Javascript Maintainers
Changed-By: Bastien Roucariès
Closes: 1014779 1036694 1088804 1088805 1104485
Changes:
 angular.js (1.8.3-1+deb12u1) bookworm; urgency=medium
 .
   * Team upload
   * Move to js team umbrella
   * Fix CVE-2022-25844 (Closes: #1014779)
     A Regular Expression Denial of Service vulnerability (ReDoS)
     was found by providing a custom locale rule that makes
     it possible to assign the parameter in
     posPre: ' '.repeat() of NUMBER_FORMATS.PATTERNS[1].posPre
     with a very high value
   * Fix CVE-2023-26116 (Closes: #1036694)
     A Regular Expression Denial of Service (ReDoS) was found
     via the angular.copy() utility function due to the usage
     of an insecure regular expression.
   * Fix CVE-2023-26117:
     A Regular Expression Denial of Service (ReDoS) was found
     via the $resource service due to the usage of an insecure
     regular expression.
   * Fix CVE-2023-26118:
     A Regular Expression Denial of Service (ReDoS) was found
     via the element due to the usage of an insecure regular
     expression in the input[url] functionality.
     Exploiting this vulnerability is possible by a large
     carefully-crafted input, which can result in
     catastrophic backtracking.
   * Fix CVE-2024-8372: (Closes: #1088804)
     Improper sanitization of the value of the 'srcset'
     attribute in AngularJS allows attackers to bypass common
     image source restrictions, which can also lead to a form of
     Content Spoofing
   * Fix CVE-2024-8373: (Closes: #1088805)
     Improper sanitization of the value of the [srcset]
     attribute in HTML elements in AngularJS allows
     attackers to bypass common image source restrictions,
     which can also lead to a form of Content Spoofing
   * Fix CVE-2024-21490:
     A regular expression used to split the value of the
     ng-srcset directive is vulnerable to super-linear runtime
     due to backtracking.
     With large carefully-crafted input, this can result in
     catastrophic backtracking and cause a denial of service.
   * Fix CVE-2025-0716: (Closes: #1104485)
     Improper sanitization of the value of the 'href' and
     'xlink:href' attributes in '' SVG elements in AngularJS
     allows attackers to bypass common image source restrictions.
     This can lead to a form of Content Spoofing .
   * Fix CVE-2025-2336:
     An improper sanitization vulnerability has been identified
     in ngSanitize module, which allows attackers to bypass
     common image source restrictions normally applied
     to image elements.
     This bypass can further lead to a form of Content Spoofing.
     Similarly, the application's performance and behavior
     could be negatively affected by using too large
     or slow-to-load images.
Checksums-Sha1:
 925f437d510060045cce9e8a2b400df364c0b6bb 2129 angular.js_1.8.3-1+deb12u1.dsc
 05443b70100ad0b2d0bcbdfa4a32d2356f0b8e75 21440953 angular.js_1.8.3.orig.tar.gz
 9a141a1982aad05ad5740ac9ed61095b5f2d4294 25692 angular.js_1.8.3-1+deb12u1.debian.tar.xz
 f30f27dc5c82700f371afc986fadac87cc99b5cc 5603 angular.js_1.8.3-1+deb12u1_source.buildinfo
Checksums-Sha256:
 423e31b933971d62a38c76b4bb0cfc34726818507e341998d8b56dd629a7c5ee 2129 angular.js_1.8.3-1+deb12u1.dsc
 d7f8d844716fb9cd44f8a4469c0b6006d4eea485879e7e6c26952c7aa0535a40 21440953 angular.js_1.8.3.orig.tar.gz
 2ade7a9f11c94f7742cfdaeccabcbc985815a08126b8ca7652f44389e2fe1ba6 25692 angular.js_1.8.3-1+deb12u1.debian.tar.xz
 6bafd14af43b88f09e062a0a4dc07ddd379f14d1cb191002186d5fc0af6ec9b2 5603 angular.js_1.8.3-1+deb12u1_source.buildinfo
Files:
 659137586dc4034557182cd74dc81e0c 2129 javascript optional angular.js_1.8.3-1+deb12u1.dsc
 3e0bea40c4ebeab0e335478b3073e2e7 21440953 javascript optional angular.js_1.8.3.orig.tar.gz
 84011f7e32396a18d749fde6a15ff365 25692 javascript optional angular.js_1.8.3-1+deb12u1.debian.tar.xz
 68c83824f33c4487a01e2851bf5d182e 5603 javascript optional angular.js_1.8.3-1+deb12u1_source.buildinfo

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----