[SECURITY] [DLA 4242-1] angular.js security update

To: <debian-lts-announce@lists.debian.org>
Subject: [SECURITY] [DLA 4242-1] angular.js security update
From: rouca@debian.org
Date: Sun, 20 Jul 2025 00:30:28 +0200
Message-id: <[🔎] 0146cc11071c875ca75403b60532d2c7@debian.org>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-4242-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                   Bastien RoucariÃ¨s
July 20, 2025                                 https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : angular.js
Version        : 1.8.3-1+deb12u1~deb11u1
CVE ID         : CVE-2022-25844 CVE-2023-26116 CVE-2023-26117 CVE-2023-26118 
                 CVE-2024-8372 CVE-2024-8373 CVE-2024-21490 CVE-2025-0716 
                 CVE-2025-2336
Debian Bug     : #1014779 #1036694 #1088804 #1088805 #1104485

angular.js a popular JavaScript framework was affected by multiple
vulnerabilities.

CVE-2022-25844

    A Regular Expression Denial of Service vulnerability (ReDoS)
    was found by providing a custom locale rule that makes
    it possible to assign the parameter in posPre: ' '.repeat()
    of NUMBER_FORMATS.PATTERNS[1].posPre with a very high value

CVE-2023-26116

    A Regular Expression Denial of Service (ReDoS) was found
    via the angular.copy() utility function due to the usage
    of an insecure regular expression.

CVE-2023-26117

    A Regular Expression Denial of Service (ReDoS) was found
    via the $resource service due to the usage of an insecure
    regular expression.

CVE-2023-26118

    A Regular Expression Denial of Service (ReDoS) was found
    via the <input type="url"> element due to the usage of an
    insecure regular expression in the input[url] functionality.
    Exploiting this vulnerability is possible by a large
    carefully-crafted input, which can result in catastrophic
    backtracking.

CVE-2024-8372

    Improper sanitization of the value of the 'srcset'
    attribute in AngularJS allows attackers to bypass
    common image source restrictions, which can also
    lead to a form of Content Spoofing

CVE-2024-8373

    Improper sanitization of the value of the [srcset]
    attribute in <source> HTML elements in AngularJS allows
    attackers to bypass common image source restrictions,
    which can also lead to a form of Content Spoofing

CVE-2024-21490

    A regular expression used to split
    the value of the ng-srcset directive is vulnerable to
    super-linear runtime due to backtracking. With large
    carefully-crafted input, this can result in catastrophic
    backtracking and cause a denial of service.

CVE-2025-0716

    Improper sanitization of the value of the 'href'
    and 'xlink:href' attributes in '<image>' SVG elements
    in AngularJS allows attackers to bypass common image
    source restrictions. This can lead to a form of
    Content Spoofing .

CVE-2025-2336

    An improper sanitization vulnerability has been identified
    in ngSanitize module, which allows attackers to bypass
    common image source restrictions normally
    applied to image elements. This bypass can further lead to a form of
    Content Spoofing. Similarly, the application's performance and behavior
    could be negatively affected by using too large or slow-to-load images.

For Debian 11 bullseye, these problems have been fixed in version
1.8.3-1+deb12u1~deb11u1.

We recommend that you upgrade your angular.js packages.

For the detailed security status of angular.js please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/angular.js

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEXQGHuUCiRbrXsPVqADoaLapBCF8FAmh8HIQACgkQADoaLapB
CF+e3BAAhTYcUqj7nkPbdN1bx13eJdD4rWBcssyfE2aLKE1911NWMMtsLIhbiflo
EETpu+VF2XppkG9JOChjthKgvaQ7YaXY5ertPx5CjeJ/uMSdmkQLwWY3guTPY9kE
TbjXWFizFN5UcjItyutuVcAzdtu9dqJVkUqM9EC4bmQ9nyuOLn2dYTn/c1tYjF2V
qkXZBEknHAjzdH5xiJKJKeI4i+ifHZK74pitwLIHq1hLmEhTLJNXKqULK1JuK1Tu
QvdR03DC32j5Yq5+zvHCpgyEKSTdzABFSTcDSxP2Ea7e74s0etE7+sCkoXOPdm/p
30h3afaY4OjvwPYRo/GDC8qb9aJWTZ4pPVwwuoi+OB5sWtT+UwXXz4QKNrYvg9kC
drJmx+HtgTyDAP777vLLpP13+trTFvtfuBQ+jorvqkp8o9XFu/5GBT+8thK0l0eK
oRPTxeMPWppgN1mM45E/TLyGQm5F22yDqSX5D2r3D490cxCuKQary3Y4hkmdf5Ur
3jvrB9H8Pfbvq0NbzxN4ZAGLeb6++3GGxjWGp/TDbv2rIiBGEHObk+iEEmQv4ojR
TbKUyOC53TzR1nOpNyBtq0d0ANVA1f+ErXRxXXLugl7PHC9LmMPryVFdXjeovY4z
mB4ewn5/9m+JeRGwwUblwhPDWX7cuBI9NhKPtFr/1nCPGtuhJbY=
=HdXg
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 4241-1] ffmpeg security update
Next by Date: [SECURITY] [DLA 4243-1] batik security update
Previous by thread: [SECURITY] [DLA 4241-1] ffmpeg security update
Next by thread: [SECURITY] [DLA 4243-1] batik security update
Index(es):
- Date
- Thread