File: CVE-2024-8373.patch

package info (click to toggle)
angular.js 1.8.3-3
  • links: PTS, VCS
  • area: main
  • in suites: forky, sid, trixie
  • size: 46,680 kB
  • sloc: javascript: 232,261; sh: 703; pascal: 164; makefile: 139; xml: 6
file content (23 lines) | stat: -rw-r--r-- 882 bytes parent folder | download 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
 
From: Alister Stevens <alister@pebblepad.co.uk>
Date: Wed, 18 Sep 2024 16:10:46 +0100
Subject: CVE-2024-8373

origin: backport, https://github.com/PebblePad/angular.js/commit/7cb36590cdfb23fc2106868b21eb7a78311eb36d
bug-cve: ttps://www.cve.org/CVERecord?id=CVE-2024-8373
---
 src/ng/compile.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/ng/compile.js b/src/ng/compile.js
index b90318f..8e7cf98 100644
--- a/src/ng/compile.js
+++ b/src/ng/compile.js
@@ -2235,7 +2235,7 @@ function $CompileProvider($provide, $$sanitizeUriProvider) {
         nodeName = nodeName_(this.$$element);
 
         // Sanitize img[srcset] values.
-        if (nodeName === 'img' && key === 'srcset') {
+        if ((nodeName === 'img' || nodeName === 'source') && key === 'srcset') {
           this[key] = value = sanitizeSrcset(value, '$set(\'srcset\', value)');
         }