Package "angular.js"

Name:	angular.js
Description:	This package is just an umbrella for a group of other packages, it has no description. Description samples from packages in group: lets you write client-side web applications as if you had a smarter browser
Latest version:	1.8.3-1ubuntu0.25.04.1
Release:	plucky (25.04)
Level:	security
Repository:	universe

Links

Raw Package Information

All versions of this package

List of files in package

Repository home page

Other versions of "angular.js" in Plucky

Repository	Area	Version
base	universe	1.8.3-1
updates	universe	1.8.3-1ubuntu0.25.04.1

Packages in group

Deleted packages are displayed in grey.

libjs-angularjs

Changelog

Version: 1.8.3-1ubuntu0.25.04.1 2026-01-14 10:07:44 UTC

angular.js (1.8.3-1ubuntu0.25.04.1) plucky-security; urgency=medium * SECURITY UPDATE: denial of service - debian/patches/CVE-2022-25844.patch: Avoid a redos by avoiding regex - debian/patches/CVE-2023-26116.patch: Fix the redos by using regex.flags - debian/patches/CVE-2023-26117.patch: Fix by linear replace a redos - debian/patches/CVE-2023-26117.patch: Fix redos via the <input type="url"> element - debian/patches/CVE-2024-21490.patch: Fix ReDoS vulnerability with ng-srcset - CVE-2022-25844 - CVE-2023-26116 - CVE-2023-26117 - CVE-2023-26118 - CVE-2024-21490 * SECURITY UPDATE: content spoofing issue - debian/patches/CVE-2024-8372_8373.patch: Fix improper sanitisation of srcset and src on img and source elmenets - debian/patches/CVE-2025-0716.patch: Fix improper sanitisation of href and xlink:href on SVG image elements - debian/patches/CVE-2025-2336.patch: Fix improper sanitisation in ngSanitize - CVE-2024-8372 - CVE-2024-8373 - CVE-2025-0716 - CVE-2025-2336 -- Nishit Majithia <email address hidden> Tue, 13 Jan 2026 21:41:55 +0530

CVE-2022-25844	The package angular after 1.7.0 are vulnerable to Regular Expression Denial of Service (ReDoS) by providing a custom locale rule that makes it possib
CVE-2023-26116	Versions of the package angular from 1.2.21 are vulnerable to Regular Expression Denial of Service (ReDoS) via the angular.copy() utility function du
CVE-2023-26117	Versions of the package angular from 1.0.0 are vulnerable to Regular Expression Denial of Service (ReDoS) via the $resource service due to the usage
CVE-2024-21490	This affects versions of the package angular from 1.3.0. A regular expression used to split the value of the ng-srcset directive is vulnerable to sup
CVE-2023-26118	Versions of the package angular from 1.4.9 are vulnerable to Regular Expression Denial of Service (ReDoS) via the <input type="url"> element due to t
CVE-2024-8372	Improper sanitization of the value of the 'srcset' attribute in AngularJS allows attackers to bypass common image source restrictions, which can also
CVE-2025-0716	Improper sanitization of the value of the 'href' and 'xlink:href' attributes in '<image>' SVG elements in AngularJS allows attackers to bypass common
CVE-2025-2336	Improper sanitization of the value of the 'href' and 'xlink:href' attributes in '<image>' SVG elements in AngularJS's 'ngSanitize' module allows atta
CVE-2024-8373	Improper sanitization of the value of the [srcset] attribute in <source> HTML elements in AngularJS allows attackers to bypass common image source re

About - Send Feedback to @ubuntu_updates