[ubuntu/plucky-security] angular.js 1.8.3-1ubuntu0.25.04.1 (Accepted)
Nishit Majithia
nishit.majithia at canonical.com
Wed Jan 14 04:40:29 UTC 2026
angular.js (1.8.3-1ubuntu0.25.04.1) plucky-security; urgency=medium
* SECURITY UPDATE: denial of service
- debian/patches/CVE-2022-25844.patch: Avoid a redos by avoiding regex
- debian/patches/CVE-2023-26116.patch: Fix the redos by using
regex.flags
- debian/patches/CVE-2023-26117.patch: Fix by linear replace a redos
- debian/patches/CVE-2023-26117.patch: Fix redos via the
<input type="url"> element
- debian/patches/CVE-2024-21490.patch: Fix ReDoS vulnerability with
ng-srcset
- CVE-2022-25844
- CVE-2023-26116
- CVE-2023-26117
- CVE-2023-26118
- CVE-2024-21490
* SECURITY UPDATE: content spoofing issue
- debian/patches/CVE-2024-8372_8373.patch: Fix improper sanitisation of
srcset and src on img and source elmenets
- debian/patches/CVE-2025-0716.patch: Fix improper sanitisation of href
and xlink:href on SVG image elements
- debian/patches/CVE-2025-2336.patch: Fix improper sanitisation in
ngSanitize
- CVE-2024-8372
- CVE-2024-8373
- CVE-2025-0716
- CVE-2025-2336
Date: 2026-01-13 16:19:18.622524+00:00
Changed-By: Nishit Majithia <nishit.majithia at canonical.com>
https://launchpad.net/ubuntu/+source/angular.js/1.8.3-1ubuntu0.25.04.1
-------------- next part --------------
Sorry, changesfile not available.
More information about the plucky-changes
mailing list