haskell-crypton-x509 - Debian Package Tracker

general

source: haskell-crypton-x509 (main)
version: 1.7.7-2
maintainer: Debian Haskell Group (archive) (DMD)
uploaders: Ilias Tsitsimpis [DMD]
arch: all any
std-ver: 4.7.3
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

stable: 1.7.7-1
testing: 1.7.7-2
unstable: 1.7.7-2

versioned links

1.7.7-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.7.7-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

libghc-crypton-x509-dev
libghc-crypton-x509-doc
libghc-crypton-x509-prof

action needed

A new upstream version is available: 1.9.1 high

A new upstream version 1.9.1 is available, you should consider packaging it.

Created: 2026-03-16 Last update: 2026-06-26 06:49

Failed to analyze the VCS repository. Please troubleshoot and fix the issue. high

vcswatch reports that there is an error with this package's VCS, or the debian/changelog file inside it. Please check the error shown below and try to fix it. You might have to update the VCS URL in the debian/control file to point to the correct repository.

Error running git -c gc.auto=200 -c gc.autoPackLimit=4 fetch --depth 50 --prune --force origin *:*

Created: 2026-04-15 Last update: 2026-06-21 09:00

1 security issue in sid high

There is 1 open security issue in sid.

1 important issue:

CVE-2026-9648: The crypton-x509-validation Haskell library fails to enforce X.509 NameConstraints, allowing TLS clients to accept certificates whose Subject Alternative Names fall outside the issuing CA’s permitted subtrees. This oversight enables an attacker who compromises a name-constrained sub-CA to impersonate domains beyond its intended scope.

Created: 2026-06-19 Last update: 2026-06-19 21:01

1 security issue in forky high

There is 1 open security issue in forky.

1 important issue:

CVE-2026-9648: The crypton-x509-validation Haskell library fails to enforce X.509 NameConstraints, allowing TLS clients to accept certificates whose Subject Alternative Names fall outside the issuing CA’s permitted subtrees. This oversight enables an attacker who compromises a name-constrained sub-CA to impersonate domains beyond its intended scope.

Created: 2026-06-19 Last update: 2026-06-19 21:01

lintian reports 8 errors and 3 warnings high

Lintian reports 8 errors and 3 warnings about this package. You should make the package lintian clean getting rid of them.

Created: 2024-10-03 Last update: 2026-04-02 22:31

Does not build reproducibly during testing normal

A package building reproducibly enables third parties to verify that the source matches the distributed binaries. It has been identified that this source package produced different results, failed to build or had other issues in a test environment. Please read about how to improve the situation!

Created: 2026-03-18 Last update: 2026-06-26 02:30

2 open merge requests in Salsa normal

There are 2 open merge requests for this package on Salsa. You should consider reviewing and/or merging these merge requests.

Created: 2025-08-19 Last update: 2026-04-07 12:00

1 low-priority security issue in trixie low

There is 1 open security issue in trixie.

1 issue left for the package maintainer to handle:

CVE-2026-9648: (needs triaging) The crypton-x509-validation Haskell library fails to enforce X.509 NameConstraints, allowing TLS clients to accept certificates whose Subject Alternative Names fall outside the issuing CA’s permitted subtrees. This oversight enables an attacker who compromises a name-constrained sub-CA to impersonate domains beyond its intended scope.

You can find information about how to handle this issue in the security team's documentation.

Created: 2026-06-19 Last update: 2026-06-19 21:01

Standards version of the package is outdated. wishlist

The package should be updated to follow the last version of Debian Policy (Standards-Version 4.7.4 instead of 4.7.3).

Created: 2026-03-31 Last update: 2026-03-31 15:01

news

[rss feed]

[2026-02-27] haskell-crypton-x509 1.7.7-2 MIGRATED to testing (Debian testing watch)
[2026-01-11] Accepted haskell-crypton-x509 1.7.7-2 (source) into unstable (Clint Adams)
[2024-10-19] haskell-crypton-x509 1.7.7-1 MIGRATED to testing (Debian testing watch)
[2024-09-27] Accepted haskell-crypton-x509 1.7.7-1 (source) into unstable (Ilias Tsitsimpis)
[2024-02-16] haskell-crypton-x509 1.7.6-2 MIGRATED to testing (Debian testing watch)
[2024-02-11] Accepted haskell-crypton-x509 1.7.6-2 (source) into unstable (Ilias Tsitsimpis)
[2024-02-04] Accepted haskell-crypton-x509 1.7.6-1 (source amd64 all) into unstable (Debian FTP Masters) (signed by: Ilias Tsitsimpis)

bugs [bug history graph]

all: 1
RC: 1
I&N: 0
M&W: 0
F&P: 0
patch: 0

links

homepage
lintian (8, 3)
buildd: logs, reproducibility, cross
popcon
browse source code
other distros
security tracker

ubuntu

[Information about Ubuntu for Debian Developers]

version: 1.7.7-2