UbuntuUpdates.org

Package "angular.js"

Name: angular.js

Description:

This package is just an umbrella for a group of other packages, it has no description.
Description samples from packages in group:

  • lets you write client-side web applications as if you had a smarter browser
Latest version: 1.8.2-2ubuntu0.1
Release: jammy (22.04)
Level: security
Repository: universe

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Other versions of "angular.js" in Jammy

Repository Area Version
base universe 1.8.2-2
updates universe 1.8.2-2ubuntu0.1

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 1.8.2-2ubuntu0.1 2026-01-14 10:07:40 UTC

  angular.js (1.8.2-2ubuntu0.1) jammy-security; urgency=medium

  * SECURITY UPDATE: denial of service
    - debian/patches/CVE-2022-25844.patch: Avoid a redos by avoiding regex
    - debian/patches/CVE-2023-26116.patch: Fix the redos by using
      regex.flags
    - debian/patches/CVE-2023-26117.patch: Fix by linear replace a redos
    - debian/patches/CVE-2023-26117.patch: Fix redos via the
      <input type="url"> element
    - debian/patches/CVE-2024-21490.patch: Fix ReDoS vulnerability with
      ng-srcset
    - CVE-2022-25844
    - CVE-2023-26116
    - CVE-2023-26117
    - CVE-2023-26118
    - CVE-2024-21490
  * SECURITY UPDATE: content spoofing issue
    - debian/patches/CVE-2024-8372_8373.patch: Fix improper sanitisation of
      srcset and src on img and source elmenets
    - debian/patches/CVE-2025-0716.patch: Fix improper sanitisation of href
      and xlink:href on SVG image elements
    - debian/patches/CVE-2025-2336.patch: Fix improper sanitisation in
      ngSanitize
    - CVE-2024-8372
    - CVE-2024-8373
    - CVE-2025-0716
    - CVE-2025-2336

 -- Nishit Majithia <email address hidden> Tue, 13 Jan 2026 21:39:41 +0530
CVE-2022-25844 The package angular after 1.7.0 are vulnerable to Regular Expression Denial of Service (ReDoS) by providing a custom locale rule that makes it possib
CVE-2023-26116 Versions of the package angular from 1.2.21 are vulnerable to Regular Expression Denial of Service (ReDoS) via the angular.copy() utility function du
CVE-2023-26117 Versions of the package angular from 1.0.0 are vulnerable to Regular Expression Denial of Service (ReDoS) via the $resource service due to the usage
CVE-2024-21490 This affects versions of the package angular from 1.3.0. A regular expression used to split the value of the ng-srcset directive is vulnerable to sup
CVE-2023-26118 Versions of the package angular from 1.4.9 are vulnerable to Regular Expression Denial of Service (ReDoS) via the <input type="url"> element due to t
CVE-2024-8372 Improper sanitization of the value of the 'srcset' attribute in AngularJS allows attackers to bypass common image source restrictions, which can also
CVE-2025-0716 Improper sanitization of the value of the 'href' and 'xlink:href' attributes in '<image>' SVG elements in AngularJS allows attackers to bypass common
CVE-2025-2336 Improper sanitization of the value of the 'href' and 'xlink:href' attributes in '<image>' SVG elements in AngularJS's 'ngSanitize' module allows atta
CVE-2024-8373 Improper sanitization of the value of the [srcset] attribute in <source> HTML elements in AngularJS allows attackers to bypass common image source re


About   -   Send Feedback to @ubuntu_updates