Debian Package Tracker
Register | Log in
Subscribe

node-formidable

Multipart form data parser module for Node.js

Choose email to subscribe with

general
  • source: node-formidable (main)
  • version: 3.2.5+20221017git493ec88+~cs4.0.9-1
  • maintainer: Debian Javascript Maintainers (archive) (DMD)
  • uploaders: Jérémy Lal [DMD]
  • arch: all
  • std-ver: 4.6.1
  • VCS: Git (Browse, QA)
versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]
[pool directory]
  • o-o-stable: 1.2.1-2
  • oldstable: 1.2.1+20200129git8231ea6-1
  • stable: 3.2.5+20221017git493ec88+~cs4.0.9-1
  • testing: 3.2.5+20221017git493ec88+~cs4.0.9-1
  • unstable: 3.2.5+20221017git493ec88+~cs4.0.9-1
versioned links
  • 1.2.1-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 1.2.1+20200129git8231ea6-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 3.2.5+20221017git493ec88+~cs4.0.9-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
binaries
  • node-formidable
action needed
A new upstream version is available: 3.2.5+20250423gitd0fbec1+~cs6.4.9 high
A new upstream version 3.2.5+20250423gitd0fbec1+~cs6.4.9 is available, you should consider packaging it.
Created: 2022-11-29 Last update: 2025-05-29 12:02
1 security issue in trixie high

There is 1 open security issue in trixie.

1 important issue:
  • CVE-2025-46653: Formidable (aka node-formidable) 2.1.0 through 3.x before 3.5.3 relies on hexoid to prevent guessing of filenames for untrusted executable content; however, hexoid is documented as not "cryptographically secure." (Also, there is a scenario in which only the last two characters of a hexoid string need to be guessed, but this is not often relevant.) NOTE: this does not imply that, in a typical use case, attackers will be able to exploit any hexoid behavior to upload and execute their own content.
Created: 2025-04-27 Last update: 2025-05-05 16:30
1 security issue in sid high

There is 1 open security issue in sid.

1 important issue:
  • CVE-2025-46653: Formidable (aka node-formidable) 2.1.0 through 3.x before 3.5.3 relies on hexoid to prevent guessing of filenames for untrusted executable content; however, hexoid is documented as not "cryptographically secure." (Also, there is a scenario in which only the last two characters of a hexoid string need to be guessed, but this is not often relevant.) NOTE: this does not imply that, in a typical use case, attackers will be able to exploit any hexoid behavior to upload and execute their own content.
Created: 2025-04-27 Last update: 2025-05-05 16:30
1 security issue in bullseye high

There is 1 open security issue in bullseye.

1 important issue:
  • CVE-2025-46653: Formidable (aka node-formidable) 2.1.0 through 3.x before 3.5.3 relies on hexoid to prevent guessing of filenames for untrusted executable content; however, hexoid is documented as not "cryptographically secure." (Also, there is a scenario in which only the last two characters of a hexoid string need to be guessed, but this is not often relevant.) NOTE: this does not imply that, in a typical use case, attackers will be able to exploit any hexoid behavior to upload and execute their own content.
Created: 2025-04-27 Last update: 2025-05-05 16:30
version in VCS is newer than in repository, is it time to upload? normal
vcswatch reports that this package seems to have a new changelog entry (version 3.2.5+20221126git8611948+~cs4.0.9-1, distribution UNRELEASED) and new commits in its VCS. You should consider whether it's time to make an upload.

Here are the relevant commit messages:
commit e65223a5930f723a7c6d27ab887b10fcc1eb9af7
Author: Yadd <yadd@debian.org>
Date:   Tue Apr 23 11:23:22 2024 +0400

    Declare compliance with policy 4.7.0

commit 2d0a70b0a14fa293cceae25985504ee7c1dd180f
Author: Yadd <yadd@debian.org>
Date:   Tue Apr 23 07:23:20 2024 +0000

    Update standards version to 4.6.2, no changes needed.
    
    Changes-By: lintian-brush
    Fixes: lintian: out-of-date-standards-version
    See-also: https://lintian.debian.org/tags/out-of-date-standards-version.html

commit 822c5b986a9108fc55ea65a9025c3d7b3b69290d
Author: Yadd <yadd@debian.org>
Date:   Wed Nov 30 10:11:33 2022 +0100

    Set upstream metadata fields: Bug-Database, Bug-Submit, Repository-Browse.
    
    Changes-By: lintian-brush

commit cb271c1d056a3f09c240e0d1b5975c86be5cfa19
Author: Yadd <yadd@debian.org>
Date:   Wed Nov 30 10:11:26 2022 +0100

    Add missing build dependency on dh-nodejs for command dh_nodejs_autodocs.
    
    Changes-By: lintian-brush
    Fixes: lintian: missing-build-dependency-for-dh_-command
    See-also: https://lintian.debian.org/tags/missing-build-dependency-for-dh_-command.html

commit 55f9cfd760953166fa2105987c9c652b369d4a33
Author: Yadd <yadd@debian.org>
Date:   Wed Nov 30 09:59:24 2022 +0100

    Update d/ch

commit 997c6f9583fe56c3ed3071b229ca5dbab453c902
Author: Yadd <yadd@debian.org>
Date:   Wed Nov 30 09:58:34 2022 +0100

    Install docs using dh_nodejs_autodocs

commit d8f0c83917729c7b7378394566c37866bff3d68a
Merge: f68beab d3dcdca
Author: Yadd <yadd@debian.org>
Date:   Wed Nov 30 09:50:16 2022 +0100

    Update upstream source from tag 'upstream/3.2.5+20221126git8611948+_cs4.0.9'
    
    Update to upstream version '3.2.5+20221126git8611948+~cs4.0.9'
    with Debian dir aa9a1c5a9d4b57098dd2463456bd5e53f912f71c

commit d3dcdca85f5f409f1cf78afa9ce2725ebf5568d1
Author: Yadd <yadd@debian.org>
Date:   Wed Nov 30 09:50:14 2022 +0100

    New upstream version 3.2.5+20221126git8611948+~cs4.0.9
Created: 2022-11-30 Last update: 2025-05-26 12:02
No known security issue in bookworm wishlist

There is 1 open security issue in bookworm.

1 ignored issue:
  • CVE-2025-46653: Formidable (aka node-formidable) 2.1.0 through 3.x before 3.5.3 relies on hexoid to prevent guessing of filenames for untrusted executable content; however, hexoid is documented as not "cryptographically secure." (Also, there is a scenario in which only the last two characters of a hexoid string need to be guessed, but this is not often relevant.) NOTE: this does not imply that, in a typical use case, attackers will be able to exploit any hexoid behavior to upload and execute their own content.
Created: 2025-04-27 Last update: 2025-05-05 16:30
Standards version of the package is outdated. wishlist
The package should be updated to follow the last version of Debian Policy (Standards-Version 4.7.2 instead of 4.6.1).
Created: 2022-12-17 Last update: 2025-02-27 13:25
news
[rss feed]
  • [2022-11-04] node-formidable 3.2.5+20221017git493ec88+~cs4.0.9-1 MIGRATED to testing (Debian testing watch)
  • [2022-11-01] Accepted node-formidable 3.2.5+20221017git493ec88+~cs4.0.9-1 (source) into unstable (Yadd) (signed by: Xavier Guimard)
  • [2022-10-12] node-formidable 3.2.4+20220822gitd285a08+~cs4.0.9-1 MIGRATED to testing (Debian testing watch)
  • [2022-10-09] Accepted node-formidable 3.2.4+20220822gitd285a08+~cs4.0.9-1 (source) into unstable (Yadd) (signed by: Xavier Guimard)
  • [2022-07-31] node-formidable 3.2.4+20220519git81dd350+~cs4.0.9-1 MIGRATED to testing (Debian testing watch)
  • [2022-07-26] Accepted node-formidable 3.2.4+20220519git81dd350+~cs4.0.9-1 (source) into unstable (Yadd) (signed by: Xavier Guimard)
  • [2022-05-04] node-formidable 3.2.3+20220426git971e3a7+~cs4.0.8-1 MIGRATED to testing (Debian testing watch)
  • [2022-05-02] Accepted node-formidable 3.2.3+20220426git971e3a7+~cs4.0.8-1 (source) into unstable (Yadd) (signed by: Xavier Guimard)
  • [2022-02-22] node-formidable 3.2.1+20220105git2815e91+~cs4.0.6-4 MIGRATED to testing (Debian testing watch)
  • [2022-02-20] Accepted node-formidable 3.2.1+20220105git2815e91+~cs4.0.6-4 (source) into unstable (Yadd) (signed by: Xavier Guimard)
  • [2022-02-20] Accepted node-formidable 3.2.1+20220105git2815e91+~cs4.0.6-3 (source) into unstable (Yadd) (signed by: Xavier Guimard)
  • [2022-02-19] Accepted node-formidable 1.2.1+20200129git8231ea6-2 (source) into unstable (Yadd) (signed by: Xavier Guimard)
  • [2022-01-27] Accepted node-formidable 3.2.1+20220105git2815e91+~cs4.0.6-2 (source) into experimental (Yadd) (signed by: Xavier Guimard)
  • [2022-01-09] Accepted node-formidable 3.2.1+20220105git2815e91+~cs4.0.6-1 (source) into experimental (Yadd) (signed by: Xavier Guimard)
  • [2020-08-01] node-formidable 1.2.1+20200129git8231ea6-1 MIGRATED to testing (Debian testing watch)
  • [2020-07-28] Accepted node-formidable 1.2.1+20200129git8231ea6-1 (source) into unstable (Jérémy Lal)
  • [2020-06-03] node-formidable 1.2.1-4 MIGRATED to testing (Debian testing watch)
  • [2020-06-01] Accepted node-formidable 1.2.1-4 (source) into unstable (Xavier Guimard)
  • [2019-08-06] node-formidable 1.2.1-3 MIGRATED to testing (Debian testing watch)
  • [2019-08-04] Accepted node-formidable 1.2.1-3 (source) into unstable (Xavier Guimard)
  • [2019-04-21] node-formidable 1.2.1-2 MIGRATED to testing (Debian testing watch)
  • [2019-03-28] Accepted node-formidable 1.2.1-2 (source) into unstable (Xavier Guimard)
  • [2019-03-14] Accepted node-formidable 1.2.1-1 (source) into unstable (Xavier Guimard)
  • [2013-08-24] node-formidable 1.0.13-1 MIGRATED to testing (Debian testing watch)
  • [2013-04-16] Accepted node-formidable 1.0.13-1 (source all) (Jérémy Lal)
bugs [bug history graph]
  • all: 2
  • RC: 0
  • I&N: 1
  • M&W: 1
  • F&P: 0
  • patch: 0
links
  • homepage
  • lintian
  • buildd: logs, reproducibility
  • popcon
  • browse source code
  • edit tags
  • other distros
  • security tracker
  • screenshots
  • debian patches
  • debci
ubuntu Ubuntu logo [Information about Ubuntu for Debian Developers]
  • version: 3.2.5+20221017git493ec88+~cs4.0.9-1

Debian Package Tracker — Copyright 2013-2025 The Distro Tracker Developers
Report problems to the tracker.debian.org pseudo-package in the Debian BTS.
Documentation — Bugs — Git Repository — Contributing