Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
b328dc8f by Salvatore Bonaccorso at 2026-06-23T16:32:00+02:00
Track some new angular.js issues

The version in Debian is substantially outdated and hard to track which
issue still affects the ancient version. Mark all issues for now
undetermined.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -340,15 +340,30 @@ CVE-2026-54270 (protobufjs compiles protobuf definitions 
into JavaScript (JS) fu
 CVE-2026-54269 (protobufjs compiles protobuf definitions into JavaScript (JS) 
function ...)
        - node-protobufjs <itp> (bug #977564)
 CVE-2026-54268 (Angular is a development platform for building mobile and 
desktop web  ...)
-       TODO: check
+       - angular.js <undetermined>
+       NOTE: 
https://github.com/angular/angular/security/advisories/GHSA-48r7-hpm6-gfxm
+       NOTE: https://github.com/angular/angular/pull/69197
+       NOTE: 
https://github.com/angular/angular/commit/eeb03f4ea310e2e51ba5d53a421ec7b418e186cd
 CVE-2026-54267 (Angular is a development platform for building mobile and 
desktop web  ...)
-       TODO: check
+       - angular.js <undetermined>
+       NOTE: 
https://github.com/angular/angular/security/advisories/GHSA-rgjc-h3x7-9mwg
+       NOTE: https://github.com/angular/angular/pull/69064
+       NOTE: 
https://github.com/angular/angular/commit/6bde84fa8e6a5770b54040fbbc9bf10d5d0386fa
 CVE-2026-54266 (Angular is a development platform for building mobile and 
desktop web  ...)
-       TODO: check
+       - angular.js <undetermined>
+       NOTE: 
https://github.com/angular/angular/security/advisories/GHSA-39pv-4j6c-2g6v
+       NOTE: https://github.com/angular/angular/pull/69153
+       NOTE: 
https://github.com/angular/angular/commit/5f36274da3f961430ae72865159afa02a1dd9133
 CVE-2026-54265 (Angular is a development platform for building mobile and 
desktop web  ...)
-       TODO: check
+       - angular.js <undetermined>
+       NOTE: 
https://github.com/angular/angular/security/advisories/GHSA-58w9-8g37-x9v5
+       NOTE: https://github.com/angular/angular/pull/69107
+       NOTE: 
https://github.com/angular/angular/commit/3c70270c96677c0dd33585f2afe8e187113e5fb4
 CVE-2026-54264 (Angular is a development platform for building mobile and 
desktop web  ...)
-       TODO: check
+       - angular.js <undetermined>
+       NOTE: 
https://github.com/angular/angular/security/advisories/GHSA-qxh6-94w6-9r5p
+       NOTE: https://github.com/angular/angular/pull/69029
+       NOTE: 
https://github.com/angular/angular/commit/47d68dcb26266316647133ab6385e77fc3e5ae08
 CVE-2026-54100 (A flaw was found in the Windows Machine Config Operator (WMCO) 
for Red ...)
        NOT-FOR-US: Windows Machine Config Operator (WMCO) for Red Hat 
OpenShift Container Platform
 CVE-2026-54099 (A flaw was found in the Windows Machine Config Operator (WMCO) 
for Red ...)
@@ -388,29 +403,47 @@ CVE-2026-53537 (Python-Multipart is a streaming multipart 
parser for Python. Pri
        NOTE: 
https://github.com/Kludex/python-multipart/security/advisories/GHSA-vffw-93wf-4j4q
        NOTE: Fixed by: 
https://github.com/Kludex/python-multipart/commit/3506c15ce99cb62faf2d5ceb3c4c1e5800cb843d
 (0.0.30)
 CVE-2026-52725 (Angular is a development platform for building mobile and 
desktop web  ...)
-       TODO: check
+       - angular.js <undetermined>
+       NOTE: 
https://github.com/angular/angular/security/advisories/GHSA-692r-grfm-v8x7
+       NOTE: https://github.com/angular/angular/pull/68686
+       NOTE: https://github.com/angular/angular/pull/68713
 CVE-2026-50557 (Angular is a development platform for building mobile and 
desktop web  ...)
-       TODO: check
+       - angular.js <undetermined>
+       NOTE: 
https://github.com/angular/angular/security/advisories/GHSA-f3m7-gqxr-g87x
+       NOTE: https://github.com/angular/angular/pull/68689
+       NOTE: https://github.com/angular/angular/pull/68868
 CVE-2026-50556 (Angular is a development platform for building mobile and 
desktop web  ...)
-       TODO: check
+       - angular.js <undetermined>
+       NOTE: 
https://github.com/angular/angular/security/advisories/GHSA-gxx4-3xcv-f8qx
+       NOTE: https://github.com/angular/angular/issues/68903
 CVE-2026-50555 (Angular is a development platform for building mobile and 
desktop web  ...)
-       TODO: check
+       - angular.js <undetermined>
+       NOTE: 
https://github.com/angular/angular/security/advisories/GHSA-hqr9-c56f-3x7
 CVE-2026-50269 (AIOHTTP is an asynchronous HTTP client/server framework for 
asyncio an ...)
        - python-aiohttp 3.14.0-1
        NOTE: 
https://github.com/aio-libs/aiohttp/security/advisories/GHSA-m6qw-4cw2-hm4m
        NOTE: Fixed by: 
https://github.com/aio-libs/aiohttp/commit/bf88077ebb14f4c29924b8e8904cba20c55c28b8
 (v3.14.0)
 CVE-2026-50184 (Angular is a development platform for building mobile and 
desktop web  ...)
-       TODO: check
+       - angular.js <undetermined>
+       NOTE: 
https://github.com/angular/angular/security/advisories/GHSA-95qp-cmmw-mgqv
+       NOTE: https://github.com/angular/angular/pull/68904
 CVE-2026-50178 (The Angular Language Service VS Code Extension provides a rich 
editing ...)
        TODO: check
 CVE-2026-50171 (Angular is a development platform for building mobile and 
desktop web  ...)
-       TODO: check
+       - angular.js <undetermined>
+       NOTE: 
https://github.com/angular/angular/security/advisories/GHSA-p3vc-36g9-x9gr
 CVE-2026-50170 (Angular is a development platform for building mobile and 
desktop web  ...)
-       TODO: check
+       - angular.js <undetermined>
+       NOTE: 
https://github.com/angular/angular/security/advisories/GHSA-q6f4-qqrg-jv6x
+       NOTE: https://github.com/angular/angular/pull/67964
 CVE-2026-50169 (Angular is a development platform for building mobile and 
desktop web  ...)
-       TODO: check
+       - angular.js <undetermined>
+       NOTE: 
https://github.com/angular/angular/security/advisories/GHSA-gv2q-mqqv-365m
+       NOTE: https://github.com/angular/angular/pull/67494
 CVE-2026-50168 (Angular is a development platform for building mobile and 
desktop web  ...)
-       TODO: check
+       - angular.js <undetermined>
+       NOTE: 
https://github.com/angular/angular/security/advisories/GHSA-xrxm-cp7j-8xf6
+       NOTE: https://github.com/angular/angular/pull/68928
 CVE-2026-50146 (Astro is a web framework. Prior to 6.3.3, when a component 
uses a clie ...)
        NOT-FOR-US: Astro
 CVE-2026-49356 (Babel is a compiler for writing next generation JavaScript. 
Prior to 8 ...)
@@ -420,7 +453,9 @@ CVE-2026-49241 (The Angular Language Service VS Code 
Extension provides a rich e
 CVE-2026-48712 (protobufjs compiles protobuf definitions into JavaScript (JS) 
function ...)
        - node-protobufjs <itp> (bug #977564)
 CVE-2026-46417 (Angular is a development platform for building mobile and 
desktop web  ...)
-       TODO: check
+       - angular.js <undetermined>
+       NOTE: 
https://github.com/angular/angular/security/advisories/GHSA-rfh7-fxqc-q52v
+       NOTE: https://github.com/angular/angular/pull/68570
 CVE-2026-44914 (Apache NiFi 1.12.0 through 2.9.0 are missing authorization 
when replac ...)
        NOT-FOR-US: Apache software not packaged in Debian
 CVE-2026-44913 (Improper escaping of database table names in the 
CaptureChangeMySQL Pr ...)
@@ -28868,7 +28903,10 @@ CVE-2026-41491 (Dapr is a portable, event-driven, 
runtime for building distribut
 CVE-2026-41487 (Langfuse is an open source large language model engineering 
platform.  ...)
        NOT-FOR-US: Langfuse
 CVE-2026-41423 (Angular is a development platform for building mobile and 
desktop web  ...)
-       TODO: check
+       - angular.js <undetermined>
+       NOTE: 
https://github.com/angular/angular/security/advisories/GHSA-45q2-gjvg-7973
+       NOTE: https://github.com/angular/angular/pull/68194
+       NOTE: 
https://github.com/angular/angular/commit/ede7c58a2aa13fdccc8f0b67ce93ba1c11749412
 CVE-2026-41308 (Password Pusher is an open source application to communicate 
sensitive ...)
        NOT-FOR-US: Password Pusher
 CVE-2026-41161 (Sync-in Server is a secure, open-source platform for file 
storage, sha ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b328dc8f9c60b2820715cd4738677c1b7bbaf139

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b328dc8f9c60b2820715cd4738677c1b7bbaf139
You're receiving this email because of your account on salsa.debian.org. Manage 
all notifications: https://salsa.debian.org/-/profile/notifications | Help: 
https://salsa.debian.org/help


_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to