Debian Package Tracker
Register | Log in
Subscribe

cryptojs

collection of cryptographic algorithms implemented in JavaScript

Choose email to subscribe with

general
  • source: cryptojs (main)
  • version: 3.1.2+dfsg-4
  • maintainer: Laszlo Boszormenyi (GCS) (DMD)
  • arch: all
  • std-ver: 4.6.2
  • VCS: unknown
versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]
[pool directory]
  • o-o-stable: 3.1.2+dfsg-2
  • o-o-sec: 3.1.2+dfsg-2+deb10u1
  • oldstable: 3.1.2+dfsg-3
  • stable: 3.1.2+dfsg-3
  • unstable: 3.1.2+dfsg-4
versioned links
  • 3.1.2+dfsg-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 3.1.2+dfsg-2+deb10u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 3.1.2+dfsg-3: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 3.1.2+dfsg-4: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
binaries
  • libjs-cryptojs (2 bugs: 0, 2, 0, 0)
action needed
A new upstream version is available: 4.2.0 high
A new upstream version 4.2.0 is available, you should consider packaging it.
Created: 2021-01-16 Last update: 2025-05-28 23:27
The package has not entered testing even though the delay is over normal
The package has not entered testing even though the 20-day delay is over. Check why.
Created: 2023-12-15 Last update: 2025-05-29 04:34
Multiarch hinter reports 1 issue(s) low
There are issues with the multiarch metadata for this package.
  • libjs-cryptojs could be marked Multi-Arch: foreign
Created: 2016-09-14 Last update: 2025-05-29 05:01
1 low-priority security issue in bookworm low

There is 1 open security issue in bookworm.

1 issue left for the package maintainer to handle:
  • CVE-2023-46233: (needs triaging) crypto-js is a JavaScript library of crypto standards. Prior to version 4.2.0, crypto-js PBKDF2 is 1,000 times weaker than originally specified in 1993, and at least 1,300,000 times weaker than current industry standard. This is because it both defaults to SHA1, a cryptographic hash algorithm considered insecure since at least 2005, and defaults to one single iteration, a 'strength' or 'difficulty' value specified at 1,000 when specified in 1993. PBKDF2 relies on iteration count as a countermeasure to preimage and collision attacks. If used to protect passwords, the impact is high. If used to generate signatures, the impact is high. Version 4.2.0 contains a patch for this issue. As a workaround, configure crypto-js to use SHA256 with at least 250,000 iterations.

You can find information about how to handle this issue in the security team's documentation.

Created: 2023-10-27 Last update: 2025-02-27 05:02
Standards version of the package is outdated. wishlist
The package should be updated to follow the last version of Debian Policy (Standards-Version 4.7.2 instead of 4.6.2).
Created: 2024-04-07 Last update: 2025-02-27 13:25
testing migrations
  • excuses:
    • Migration status for cryptojs (- to 3.1.2+dfsg-4): BLOCKED: Rejected/violates migration policy/introduces a regression
    • Issues preventing migration:
    • ∙ ∙ Updating cryptojs would introduce bugs in testing: #1056014
    • ∙ ∙ blocked by freeze: is not in testing
    • Additional info:
    • ∙ ∙ Piuparts tested OK - https://piuparts.debian.org/sid/source/c/cryptojs.html
    • ∙ ∙ Reproducible on amd64 - info ♻
    • ∙ ∙ Reproducible on arm64 - info ♻
    • ∙ ∙ Reproducible on armhf - info ♻
    • ∙ ∙ Reproducible on i386 - info ♻
    • ∙ ∙ 559 days old (needed 20 days)
    • Not considered
news
[rss feed]
  • [2023-12-16] cryptojs REMOVED from testing (Debian testing watch)
  • [2023-11-27] Accepted cryptojs 3.1.2+dfsg-2+deb10u1 (source) into oldoldstable (Guilhem Moulin)
  • [2023-11-19] cryptojs 3.1.2+dfsg-4 MIGRATED to testing (Debian testing watch)
  • [2023-11-16] Accepted cryptojs 3.1.2+dfsg-4 (source) into unstable (Laszlo Boszormenyi (GCS)) (signed by: Laszlo Boszormenyi)
  • [2021-01-21] cryptojs 3.1.2+dfsg-3 MIGRATED to testing (Debian testing watch)
  • [2021-01-16] Accepted cryptojs 3.1.2+dfsg-3 (source) into unstable (Laszlo Boszormenyi (GCS)) (signed by: Laszlo Boszormenyi)
  • [2021-01-12] cryptojs 3.1.2+dfsg-2.1 MIGRATED to testing (Debian testing watch)
  • [2021-01-06] Accepted cryptojs 3.1.2+dfsg-2.1 (source) into unstable (Holger Levsen)
  • [2015-10-25] cryptojs 3.1.2+dfsg-2 MIGRATED to testing (Britney)
  • [2015-10-14] Accepted cryptojs 3.1.2+dfsg-2 (source all) into unstable (Laszlo Boszormenyi (GCS)) (signed by: Laszlo Boszormenyi)
  • [2015-04-27] cryptojs 3.1.2+dfsg-1 MIGRATED to testing (Britney)
  • [2014-12-08] Accepted cryptojs 3.1.2+dfsg-1 (source all) into unstable, unstable (Laszlo Boszormenyi (GCS)) (signed by: Laszlo Boszormenyi)
bugs [bug history graph]
  • all: 3
  • RC: 1
  • I&N: 2
  • M&W: 0
  • F&P: 0
  • patch: 0
links
  • homepage
  • lintian
  • buildd: logs
  • popcon
  • browse source code
  • edit tags
  • other distros
  • security tracker
  • debian patches

Debian Package Tracker — Copyright 2013-2025 The Distro Tracker Developers
Report problems to the tracker.debian.org pseudo-package in the Debian BTS.
Documentation — Bugs — Git Repository — Contributing