Register | Log in

binaryen

compiler and toolchain infrastructure library for WebAssembly

Choose email to subscribe with

general

source: binaryen (main)
version: 120-4
maintainer: Debian Javascript Maintainers (archive) (DMD)
uploaders: Markus Koschany [DMD] – Jérémy Lal [DMD]
arch: any
std-ver: 4.6.2
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 99-3
oldstable: 108-1
stable: 120-4
testing: 120-4
unstable: 120-4

versioned links

99-3: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
108-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
120-4: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

binaryen

action needed

A new upstream version is available: 125 high

A new upstream version 125 is available, you should consider packaging it.

Created: 2025-11-26 Last update: 2025-12-22 18:03

2 security issues in trixie high

There are 2 open security issues in trixie.

2 important issues:

CVE-2025-14956: A vulnerability was determined in WebAssembly Binaryen up to 125. Affected by this issue is the function WasmBinaryReader::readExport of the file src/wasm/wasm-binary.cpp. This manipulation causes heap-based buffer overflow. It is possible to launch the attack on the local host. The exploit has been publicly disclosed and may be utilized. Patch name: 4f52bff8c4075b5630422f902dd92a0af2c9f398. It is recommended to apply a patch to fix this issue.
CVE-2025-14957: A vulnerability was identified in WebAssembly Binaryen up to 125. This affects the function IRBuilder::makeLocalGet/IRBuilder::makeLocalSet/IRBuilder::makeLocalTee of the file src/wasm/wasm-ir-builder.cpp of the component IRBuilder. Such manipulation of the argument Index leads to null pointer dereference. Local access is required to approach this attack. The exploit is publicly available and might be used. The name of the patch is 6fb2b917a79578ab44cf3b900a6da4c27251e0d4. Applying a patch is advised to resolve this issue.

Created: 2025-12-19 Last update: 2025-12-21 10:02

2 security issues in sid high

There are 2 open security issues in sid.

2 important issues:

CVE-2025-14956: A vulnerability was determined in WebAssembly Binaryen up to 125. Affected by this issue is the function WasmBinaryReader::readExport of the file src/wasm/wasm-binary.cpp. This manipulation causes heap-based buffer overflow. It is possible to launch the attack on the local host. The exploit has been publicly disclosed and may be utilized. Patch name: 4f52bff8c4075b5630422f902dd92a0af2c9f398. It is recommended to apply a patch to fix this issue.
CVE-2025-14957: A vulnerability was identified in WebAssembly Binaryen up to 125. This affects the function IRBuilder::makeLocalGet/IRBuilder::makeLocalSet/IRBuilder::makeLocalTee of the file src/wasm/wasm-ir-builder.cpp of the component IRBuilder. Such manipulation of the argument Index leads to null pointer dereference. Local access is required to approach this attack. The exploit is publicly available and might be used. The name of the patch is 6fb2b917a79578ab44cf3b900a6da4c27251e0d4. Applying a patch is advised to resolve this issue.

Created: 2025-12-19 Last update: 2025-12-21 10:02

2 security issues in forky high

There are 2 open security issues in forky.

2 important issues:

CVE-2025-14956: A vulnerability was determined in WebAssembly Binaryen up to 125. Affected by this issue is the function WasmBinaryReader::readExport of the file src/wasm/wasm-binary.cpp. This manipulation causes heap-based buffer overflow. It is possible to launch the attack on the local host. The exploit has been publicly disclosed and may be utilized. Patch name: 4f52bff8c4075b5630422f902dd92a0af2c9f398. It is recommended to apply a patch to fix this issue.
CVE-2025-14957: A vulnerability was identified in WebAssembly Binaryen up to 125. This affects the function IRBuilder::makeLocalGet/IRBuilder::makeLocalSet/IRBuilder::makeLocalTee of the file src/wasm/wasm-ir-builder.cpp of the component IRBuilder. Such manipulation of the argument Index leads to null pointer dereference. Local access is required to approach this attack. The exploit is publicly available and might be used. The name of the patch is 6fb2b917a79578ab44cf3b900a6da4c27251e0d4. Applying a patch is advised to resolve this issue.

Created: 2025-12-19 Last update: 2025-12-21 10:02

2 security issues in bullseye high

There are 2 open security issues in bullseye.

2 important issues:

CVE-2025-14956: A vulnerability was determined in WebAssembly Binaryen up to 125. Affected by this issue is the function WasmBinaryReader::readExport of the file src/wasm/wasm-binary.cpp. This manipulation causes heap-based buffer overflow. It is possible to launch the attack on the local host. The exploit has been publicly disclosed and may be utilized. Patch name: 4f52bff8c4075b5630422f902dd92a0af2c9f398. It is recommended to apply a patch to fix this issue.
CVE-2025-14957: A vulnerability was identified in WebAssembly Binaryen up to 125. This affects the function IRBuilder::makeLocalGet/IRBuilder::makeLocalSet/IRBuilder::makeLocalTee of the file src/wasm/wasm-ir-builder.cpp of the component IRBuilder. Such manipulation of the argument Index leads to null pointer dereference. Local access is required to approach this attack. The exploit is publicly available and might be used. The name of the patch is 6fb2b917a79578ab44cf3b900a6da4c27251e0d4. Applying a patch is advised to resolve this issue.

Created: 2025-12-19 Last update: 2025-12-21 10:02

2 security issues in bookworm high

There are 2 open security issues in bookworm.

2 important issues:

CVE-2025-14956: A vulnerability was determined in WebAssembly Binaryen up to 125. Affected by this issue is the function WasmBinaryReader::readExport of the file src/wasm/wasm-binary.cpp. This manipulation causes heap-based buffer overflow. It is possible to launch the attack on the local host. The exploit has been publicly disclosed and may be utilized. Patch name: 4f52bff8c4075b5630422f902dd92a0af2c9f398. It is recommended to apply a patch to fix this issue.
CVE-2025-14957: A vulnerability was identified in WebAssembly Binaryen up to 125. This affects the function IRBuilder::makeLocalGet/IRBuilder::makeLocalSet/IRBuilder::makeLocalTee of the file src/wasm/wasm-ir-builder.cpp of the component IRBuilder. Such manipulation of the argument Index leads to null pointer dereference. Local access is required to approach this attack. The exploit is publicly available and might be used. The name of the patch is 6fb2b917a79578ab44cf3b900a6da4c27251e0d4. Applying a patch is advised to resolve this issue.

Created: 2025-12-19 Last update: 2025-12-21 10:02

lintian reports 1 error high

Lintian reports 1 error about this package. You should make the package lintian clean getting rid of them.

Created: 2025-02-14 Last update: 2025-04-14 03:02

Standards version of the package is outdated. wishlist

The package should be updated to follow the last version of Debian Policy (Standards-Version 4.7.2 instead of 4.6.2).

Created: 2022-12-17 Last update: 2025-04-14 01:25

news

[2025-04-24] binaryen 120-4 MIGRATED to testing (Debian testing watch)
[2025-04-13] Accepted binaryen 120-4 (source) into unstable (Jérémy Lal)
[2025-02-27] Removed 122-3 from experimental (Debian FTP Masters)
[2025-02-17] binaryen 120-3 MIGRATED to testing (Debian testing watch)
[2025-02-14] Accepted binaryen 120-3 (source) into unstable (Jérémy Lal)
[2025-02-14] Accepted binaryen 120-2 (source) into unstable (Jérémy Lal)
[2025-02-13] Accepted binaryen 120-1 (source) into unstable (Jérémy Lal)
[2025-02-08] Accepted binaryen 122-3 (source) into experimental (Jérémy Lal)
[2025-02-08] Accepted binaryen 122-2 (source) into experimental (Jérémy Lal)
[2025-02-07] Accepted binaryen 122-1.1 (source) into experimental (Jérémy Lal)
[2023-09-15] Accepted binaryen 116-1 (source) into experimental (Markus Koschany)
[2023-03-04] Accepted binaryen 112-1 (source) into experimental (Markus Koschany)
[2022-07-13] binaryen 108-1 MIGRATED to testing (Debian testing watch)
[2022-05-28] Accepted binaryen 108-1 (source) into unstable (Markus Koschany)
[2022-04-29] Accepted binaryen 106-1 (source) into unstable (Markus Koschany)
[2022-01-21] binaryen 105-1 MIGRATED to testing (Debian testing watch)
[2022-01-16] Accepted binaryen 105-1 (source) into unstable (Markus Koschany)
[2021-12-27] binaryen 104-1 MIGRATED to testing (Debian testing watch)
[2021-12-21] Accepted binaryen 104-1 (source) into unstable (Markus Koschany)
[2021-12-17] binaryen 103-1 MIGRATED to testing (Debian testing watch)
[2021-12-12] Accepted binaryen 103-1 (source) into unstable (Markus Koschany)
[2021-09-22] binaryen 102-1 MIGRATED to testing (Debian testing watch)
[2021-09-14] binaryen 101-1 MIGRATED to testing (Debian testing watch)
[2021-09-13] Accepted binaryen 102-1 (source) into unstable (Markus Koschany)
[2021-08-18] Accepted binaryen 101-1 (source) into unstable (Markus Koschany)
[2021-03-09] Accepted binaryen 100-1 (source) into experimental (Markus Koschany)
[2021-02-08] binaryen 99-3 MIGRATED to testing (Debian testing watch)
[2021-02-02] Accepted binaryen 99-3 (source) into unstable (Markus Koschany)
[2021-01-26] binaryen 99-2 MIGRATED to testing (Debian testing watch)
[2021-01-11] Accepted binaryen 99-2 (source) into unstable (Markus Koschany)

1
2

bugs [bug history graph]

all: 2
RC: 0
I&N: 2
M&W: 0
F&P: 0
patch: 0

links

homepage
lintian (1, 0)
buildd: logs, reproducibility, cross
popcon
browse source code
edit tags
other distros
security tracker
screenshots
debian patches

ubuntu

[Information about Ubuntu for Debian Developers]

version: 120-4

Debian Package Tracker — Copyright 2013-2025 The Distro Tracker Developers

Report problems to the tracker.debian.org pseudo-package in the Debian BTS.

Documentation — Bugs — Git Repository — Contributing