cryptojs - Debian Package Tracker

general

versioned links

3.1.2+dfsg-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
3.1.2+dfsg-2+deb10u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
3.1.2+dfsg-3: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
3.1.2+dfsg-4: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

action needed

A new upstream version is available: 4.2.0 high

A new upstream version 4.2.0 is available, you should consider packaging it.

Created: 2021-01-16 Last update: 2025-05-29 05:31

The package has not entered testing even though the delay is over normal

The package has not entered testing even though the 20-day delay is over. Check why.

Created: 2023-12-15 Last update: 2025-05-29 07:32

Multiarch hinter reports 1 issue(s) low

There are issues with the multiarch metadata for this package.

Created: 2016-09-14 Last update: 2025-05-29 05:01

1 low-priority security issue in bookworm low

There is 1 open security issue in bookworm.

1 issue left for the package maintainer to handle:

CVE-2023-46233: (needs triaging) crypto-js is a JavaScript library of crypto standards. Prior to version 4.2.0, crypto-js PBKDF2 is 1,000 times weaker than originally specified in 1993, and at least 1,300,000 times weaker than current industry standard. This is because it both defaults to SHA1, a cryptographic hash algorithm considered insecure since at least 2005, and defaults to one single iteration, a 'strength' or 'difficulty' value specified at 1,000 when specified in 1993. PBKDF2 relies on iteration count as a countermeasure to preimage and collision attacks. If used to protect passwords, the impact is high. If used to generate signatures, the impact is high. Version 4.2.0 contains a patch for this issue. As a workaround, configure crypto-js to use SHA256 with at least 250,000 iterations.

You can find information about how to handle this issue in the security team's documentation.

Created: 2023-10-27 Last update: 2025-02-27 05:02

Standards version of the package is outdated. wishlist

The package should be updated to follow the last version of Debian Policy (Standards-Version 4.7.2 instead of 4.6.2).

Created: 2024-04-07 Last update: 2025-02-27 13:25

testing migrations

[2023-12-16] cryptojs REMOVED from testing (Debian testing watch)
[2023-11-27] Accepted cryptojs 3.1.2+dfsg-2+deb10u1 (source) into oldoldstable (Guilhem Moulin)
[2023-11-19] cryptojs 3.1.2+dfsg-4 MIGRATED to testing (Debian testing watch)
[2023-11-16] Accepted cryptojs 3.1.2+dfsg-4 (source) into unstable (Laszlo Boszormenyi (GCS)) (signed by: Laszlo Boszormenyi)
[2021-01-21] cryptojs 3.1.2+dfsg-3 MIGRATED to testing (Debian testing watch)
[2021-01-16] Accepted cryptojs 3.1.2+dfsg-3 (source) into unstable (Laszlo Boszormenyi (GCS)) (signed by: Laszlo Boszormenyi)
[2021-01-12] cryptojs 3.1.2+dfsg-2.1 MIGRATED to testing (Debian testing watch)
[2021-01-06] Accepted cryptojs 3.1.2+dfsg-2.1 (source) into unstable (Holger Levsen)
[2015-10-25] cryptojs 3.1.2+dfsg-2 MIGRATED to testing (Britney)
[2015-10-14] Accepted cryptojs 3.1.2+dfsg-2 (source all) into unstable (Laszlo Boszormenyi (GCS)) (signed by: Laszlo Boszormenyi)
[2015-04-27] cryptojs 3.1.2+dfsg-1 MIGRATED to testing (Britney)
[2014-12-08] Accepted cryptojs 3.1.2+dfsg-1 (source all) into unstable, unstable (Laszlo Boszormenyi (GCS)) (signed by: Laszlo Boszormenyi)

bugs [bug history graph]

links