Source: angular.js
Version: 1.8.3-3
Severity: important
Tags: security upstream
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>

Hi,

The following vulnerability was published for angular.js. Can you
please investigate if this affects the older version in Debian.

CVE-2025-4690[0]:
| A regular expression used by AngularJS' linky
| https://docs.angularjs.org/api/ngSanitize/filter/linky filter to
| detect URLs in input text is vulnerable to super-linear runtime due
| to backtracking. With a large carefully-crafted input, this can
| cause a Regular expression Denial of Service (ReDoS)
| https://owasp.org/www-community/attacks/Regular_expression_Denial_of_Service_-_ReDoS
| attack on the application. This issue affects all versions of
| AngularJS. Note: The AngularJS project is End-of-Life and will not
| receive any updates to address this issue. For more information see
| here https://docs.angularjs.org/misc/version-support-status .

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2025-4690
    https://www.cve.org/CVERecord?id=CVE-2025-4690

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore
