Register | Log in

cryptojs

collection of cryptographic algorithms implemented in JavaScript

Choose email to subscribe with

general

source: cryptojs (main)
version: 3.1.2+dfsg-3
maintainer: Laszlo Boszormenyi (GCS) (DMD)
arch: all
std-ver: 4.5.1
VCS: unknown

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 3.1.2+dfsg-3
oldstable: 3.1.2+dfsg-3

versioned links

3.1.2+dfsg-3: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

libjs-cryptojs

package is gone

This package is not in any development repository. This probably means that the package has been removed (or has been renamed). Thus the information here is of little interest ... the package is going to disappear unless someone takes it over and reintroduces it.

action needed

1 low-priority security issue in bookworm low

There is 1 open security issue in bookworm.

1 issue left for the package maintainer to handle:

CVE-2023-46233: (needs triaging) crypto-js is a JavaScript library of crypto standards. Prior to version 4.2.0, crypto-js PBKDF2 is 1,000 times weaker than originally specified in 1993, and at least 1,300,000 times weaker than current industry standard. This is because it both defaults to SHA1, a cryptographic hash algorithm considered insecure since at least 2005, and defaults to one single iteration, a 'strength' or 'difficulty' value specified at 1,000 when specified in 1993. PBKDF2 relies on iteration count as a countermeasure to preimage and collision attacks. If used to protect passwords, the impact is high. If used to generate signatures, the impact is high. Version 4.2.0 contains a patch for this issue. As a workaround, configure crypto-js to use SHA256 with at least 250,000 iterations.

You can find information about how to handle this issue in the security team's documentation.

Created: 2023-10-27 Last update: 2025-12-09 16:00

news

[2025-12-09] Removed 3.1.2+dfsg-4 from unstable (Debian FTP Masters)
[2023-12-16] cryptojs REMOVED from testing (Debian testing watch)
[2023-11-27] Accepted cryptojs 3.1.2+dfsg-2+deb10u1 (source) into oldoldstable (Guilhem Moulin)
[2023-11-19] cryptojs 3.1.2+dfsg-4 MIGRATED to testing (Debian testing watch)
[2023-11-16] Accepted cryptojs 3.1.2+dfsg-4 (source) into unstable (Laszlo Boszormenyi (GCS)) (signed by: Laszlo Boszormenyi)
[2021-01-21] cryptojs 3.1.2+dfsg-3 MIGRATED to testing (Debian testing watch)
[2021-01-16] Accepted cryptojs 3.1.2+dfsg-3 (source) into unstable (Laszlo Boszormenyi (GCS)) (signed by: Laszlo Boszormenyi)
[2021-01-12] cryptojs 3.1.2+dfsg-2.1 MIGRATED to testing (Debian testing watch)
[2021-01-06] Accepted cryptojs 3.1.2+dfsg-2.1 (source) into unstable (Holger Levsen)
[2015-10-25] cryptojs 3.1.2+dfsg-2 MIGRATED to testing (Britney)
[2015-10-14] Accepted cryptojs 3.1.2+dfsg-2 (source all) into unstable (Laszlo Boszormenyi (GCS)) (signed by: Laszlo Boszormenyi)
[2015-04-27] cryptojs 3.1.2+dfsg-1 MIGRATED to testing (Britney)
[2014-12-08] Accepted cryptojs 3.1.2+dfsg-1 (source all) into unstable, unstable (Laszlo Boszormenyi (GCS)) (signed by: Laszlo Boszormenyi)

bugs [bug history graph]

all: 0

links

homepage
buildd: logs
popcon
browse source code
edit tags
other distros
security tracker

Debian Package Tracker — Copyright 2013-2025 The Distro Tracker Developers

Report problems to the tracker.debian.org pseudo-package in the Debian BTS.

Documentation — Bugs — Git Repository — Contributing