angular.js (1.8.3-3) unstable; urgency=medium * Team upload * Multi-Arch foreign -- Bastien Roucariès Sat, 19 Jul 2025 23:15:59 +0200 angular.js (1.8.3-2) unstable; urgency=medium * Team upload * Move to js team umbrella * Fix CVE-2022-25844 (Closes: #1014779) A Regular Expression Denial of Service vulnerability (ReDoS) was found by providing a custom locale rule that makes it possible to assign the parameter in posPre: ' '.repeat() of NUMBER_FORMATS.PATTERNS[1].posPre with a very high value * Fix CVE-2023-26116 (Closes: #1036694) A Regular Expression Denial of Service (ReDoS) was found via the angular.copy() utility function due to the usage of an insecure regular expression. * Fix CVE-2023-26117: A Regular Expression Denial of Service (ReDoS) was found via the $resource service due to the usage of an insecure regular expression. * Fix CVE-2023-26118: A Regular Expression Denial of Service (ReDoS) was found via the element due to the usage of an insecure regular expression in the input[url] functionality. Exploiting this vulnerability is possible by a large carefully-crafted input, which can result in catastrophic backtracking. * Fix CVE-2024-8372: (Closes: #1088804) Improper sanitization of the value of the 'srcset' attribute in AngularJS allows attackers to bypass common image source restrictions, which can also lead to a form of Content Spoofing * Fix CVE-2024-8373: (Closes: #1088805) Improper sanitization of the value of the [srcset] attribute in HTML elements in AngularJS allows attackers to bypass common image source restrictions, which can also lead to a form of Content Spoofing * Fix CVE-2024-21490: A regular expression used to split the value of the ng-srcset directive is vulnerable to super-linear runtime due to backtracking. With large carefully-crafted input, this can result in catastrophic backtracking and cause a denial of service. * Fix CVE-2025-0716: (Closes: #1104485) Improper sanitization of the value of the 'href' and 'xlink:href' attributes in '' SVG elements in AngularJS allows attackers to bypass common image source restrictions. This can lead to a form of Content Spoofing . * Fix CVE-2025-2336: An improper sanitization vulnerability has been identified in ngSanitize module, which allows attackers to bypass common image source restrictions normally applied to image elements. This bypass can further lead to a form of Content Spoofing. Similarly, the application's performance and behavior could be negatively affected by using too large or slow-to-load images. -- Bastien Roucariès Sun, 11 May 2025 23:40:38 +0200 angular.js (1.8.3-1) unstable; urgency=medium * New upstream release. -- Laszlo Boszormenyi (GCS) Sun, 12 Feb 2023 07:45:48 +0100 angular.js (1.8.2-2) unstable; urgency=medium * Change build dependency to uglifyjs (closes: #979889). -- Laszlo Boszormenyi (GCS) Tue, 12 Jan 2021 18:12:31 +0100 angular.js (1.8.2-1) unstable; urgency=medium * New upstream release. * Update watch file. * Update copyright file. * Update debhelper level to 13 . * Update Standards-Version to 4.5.1 . -- Laszlo Boszormenyi (GCS) Tue, 22 Dec 2020 23:17:24 +0100 angular.js (1.8.0-1) unstable; urgency=high * New upstream release: - fixes CVE-2020-7676: prevent possible XSS due to regex-based HTML replacement. * Update Standards-Version to 4.5.0 . -- Laszlo Boszormenyi (GCS) Thu, 18 Jun 2020 09:18:33 +0200 angular.js (1.7.9-1) unstable; urgency=high * New upstream release (closes: #859513): - fixes CVE-2019-10768: function `merge()` could be tricked into adding or modifying properties of `Object.prototype` (closes: #945249). * Update watch file. * Update debhelper level to 11 . * Update Standards-Version to 4.4.1 . -- Laszlo Boszormenyi (GCS) Sun, 01 Dec 2019 15:02:51 +0000 angular.js (1.6.1-1) experimental; urgency=low * New upstream release. -- Laszlo Boszormenyi (GCS) Mon, 02 Jan 2017 21:59:36 +0000 angular.js (1.5.10-1) unstable; urgency=low * New upstream release. -- Laszlo Boszormenyi (GCS) Thu, 22 Dec 2016 21:56:33 +0000 angular.js (1.5.9-1) unstable; urgency=high * New upstream release, with security fixes: - bootstrap: - do not auto-bootstrap when loaded from an extension - explicitly whitelist URL schemes for bootstrap - $location: throw if the path starts with double (back)slashes - $sniffer: don't use history.pushState in sandboxed Chrome Packaged Apps - $parse: - block assigning to fields of a constructor prototype - correctly escape unsafe identifier characters - $compile: - ensure that hidden input values are correct after history.back - lower the $sce context for src on video, audio, source, track -- Laszlo Boszormenyi (GCS) Thu, 08 Dec 2016 18:03:44 +0000 angular.js (1.5.8-1) unstable; urgency=low * New upstream release. -- Laszlo Boszormenyi (GCS) Tue, 15 Nov 2016 16:16:03 +0000 angular.js (1.5.5-1) unstable; urgency=low * New upstream release. * Re-enable minified files as uglify is fixed (closes: #823275). -- Laszlo Boszormenyi (GCS) Mon, 25 Apr 2016 16:04:25 +0000 angular.js (1.5.3-2) unstable; urgency=low * Upload to unstable. * Update Standards-Version to 3.9.8 . -- Laszlo Boszormenyi (GCS) Mon, 11 Apr 2016 15:52:34 +0000 angular.js (1.5.3-1) experimental; urgency=low * New upstream release. * Update smash files. * Update source Lintian overrides. -- Laszlo Boszormenyi (GCS) Sun, 27 Mar 2016 07:47:25 +0000 angular.js (1.3.20-3) unstable; urgency=low * Update source Lintian overrides. * Update Standards-Version to 3.9.7 . [ Eduard Sanou ] * Fix misdetection as binary input in grep when LC_ALL=C (closes: #819325). -- Laszlo Boszormenyi (GCS) Sun, 27 Mar 2016 07:15:57 +0000 angular.js (1.3.20-2) unstable; urgency=low * Don't ship minified files until uglifyjs is updated (closes: #815865). -- Laszlo Boszormenyi (GCS) Mon, 14 Mar 2016 15:55:17 +0000 angular.js (1.3.20-1) unstable; urgency=low * New upstream release. -- Laszlo Boszormenyi (GCS) Sun, 17 Jan 2016 10:03:05 +0100 angular.js (1.3.17-1) unstable; urgency=low * New upstream release. -- Laszlo Boszormenyi (GCS) Tue, 21 Jul 2015 18:58:30 +0000 angular.js (1.3.13-1) experimental; urgency=low * New major upstream release. -- Laszlo Boszormenyi (GCS) Tue, 10 Feb 2015 18:32:00 +0000 angular.js (1.2.28-1) unstable; urgency=medium * New upstream release. -- Laszlo Boszormenyi (GCS) Fri, 26 Dec 2014 14:50:07 +0000 angular.js (1.2.26-1) unstable; urgency=low * New upstream release. * Update Standards-Version to 3.9.6 . -- Laszlo Boszormenyi (GCS) Tue, 07 Oct 2014 18:34:09 +0000 angular.js (1.2.24-1) unstable; urgency=low * New upstream release. -- Laszlo Boszormenyi (GCS) Sat, 13 Sep 2014 20:58:01 +0000 angular.js (1.2.23-1) unstable; urgency=low * New upstream release. -- Laszlo Boszormenyi (GCS) Sat, 23 Aug 2014 17:01:13 +0000 angular.js (1.2.16-1) unstable; urgency=low * New upstream release. -- Laszlo Boszormenyi (GCS) Fri, 04 Apr 2014 19:33:02 +0200 angular.js (1.2.15-1) unstable; urgency=low * New upstream release. * Update packaging for upstream changes. -- Laszlo Boszormenyi (GCS) Tue, 25 Mar 2014 20:30:02 +0100 angular.js (1.2.14-1) unstable; urgency=low * New upstream release. -- Laszlo Boszormenyi (GCS) Sun, 09 Mar 2014 20:32:08 +0100 angular.js (1.2.13-1) unstable; urgency=low * New upstream release. -- Laszlo Boszormenyi (GCS) Mon, 17 Feb 2014 08:37:14 +0000 angular.js (1.2.12-1) unstable; urgency=low * New upstream release. * Rework upstream version and codename determination logic. -- Laszlo Boszormenyi (GCS) Mon, 10 Feb 2014 22:33:15 +0100 angular.js (1.2.11-1) unstable; urgency=low * New upstream release. -- Laszlo Boszormenyi (GCS) Wed, 05 Feb 2014 18:52:55 +0100 angular.js (1.2.10-1) unstable; urgency=low * New upstream release. -- Laszlo Boszormenyi (GCS) Mon, 27 Jan 2014 21:31:11 +0100 angular.js (1.2.9-1) unstable; urgency=low * Initial upload (closes: #730585). -- Laszlo Boszormenyi (GCS) Fri, 17 Jan 2014 00:20:21 +0100