Register | Log in

node-formidable

Multipart form data parser module for Node.js

Choose email to subscribe with

general

source: node-formidable (main)
version: 3.2.5+20221017git493ec88+~cs4.0.9-1
maintainer: Debian Javascript Maintainers (archive) (DMD)
uploaders: Jérémy Lal [DMD]
arch: all
std-ver: 4.6.1
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 1.2.1+20200129git8231ea6-1
oldstable: 3.2.5+20221017git493ec88+~cs4.0.9-1
stable: 3.2.5+20221017git493ec88+~cs4.0.9-1
testing: 3.2.5+20221017git493ec88+~cs4.0.9-1
unstable: 3.2.5+20221017git493ec88+~cs4.0.9-1
exp: 3.5.3+~cs11.10.5-1

versioned links

1.2.1+20200129git8231ea6-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
3.2.5+20221017git493ec88+~cs4.0.9-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
3.5.3+~cs11.10.5-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

node-formidable

action needed

A new upstream version is available: 3.2.5+20260219git44768be+~cs6.5.5 high

A new upstream version 3.2.5+20260219git44768be+~cs6.5.5 is available, you should consider packaging it.

Created: 2025-11-26 Last update: 2026-04-13 20:00

1 security issue in sid high

There is 1 open security issue in sid.

1 important issue:

CVE-2025-46653: Formidable (aka node-formidable) 2.1.0 through 3.x before 3.5.3 relies on hexoid to prevent guessing of filenames for untrusted executable content; however, hexoid is documented as not "cryptographically secure." (Also, there is a scenario in which only the last two characters of a hexoid string need to be guessed, but this is not often relevant.) NOTE: this does not imply that, in a typical use case, attackers will be able to exploit any hexoid behavior to upload and execute their own content.

Created: 2025-04-27 Last update: 2025-08-14 17:32

1 security issue in forky high

There is 1 open security issue in forky.

1 important issue:

CVE-2025-46653: Formidable (aka node-formidable) 2.1.0 through 3.x before 3.5.3 relies on hexoid to prevent guessing of filenames for untrusted executable content; however, hexoid is documented as not "cryptographically secure." (Also, there is a scenario in which only the last two characters of a hexoid string need to be guessed, but this is not often relevant.) NOTE: this does not imply that, in a typical use case, attackers will be able to exploit any hexoid behavior to upload and execute their own content.

Created: 2025-08-09 Last update: 2025-08-14 17:32

Standards version of the package is outdated. wishlist

The package should be updated to follow the last version of Debian Policy (Standards-Version 4.7.4 instead of 4.6.1).

Created: 2022-12-17 Last update: 2026-03-31 15:01

No known security issue in trixie wishlist

There is 1 open security issue in trixie.

1 ignored issue:

CVE-2025-46653: Formidable (aka node-formidable) 2.1.0 through 3.x before 3.5.3 relies on hexoid to prevent guessing of filenames for untrusted executable content; however, hexoid is documented as not "cryptographically secure." (Also, there is a scenario in which only the last two characters of a hexoid string need to be guessed, but this is not often relevant.) NOTE: this does not imply that, in a typical use case, attackers will be able to exploit any hexoid behavior to upload and execute their own content.

Created: 2025-04-27 Last update: 2025-08-14 17:32

No known security issue in bookworm wishlist

There is 1 open security issue in bookworm.

1 ignored issue:

CVE-2025-46653: Formidable (aka node-formidable) 2.1.0 through 3.x before 3.5.3 relies on hexoid to prevent guessing of filenames for untrusted executable content; however, hexoid is documented as not "cryptographically secure." (Also, there is a scenario in which only the last two characters of a hexoid string need to be guessed, but this is not often relevant.) NOTE: this does not imply that, in a typical use case, attackers will be able to exploit any hexoid behavior to upload and execute their own content.

Created: 2025-04-27 Last update: 2025-08-14 17:32

news

[2026-04-11] Accepted node-formidable 3.5.3+~cs11.10.5-1 (source) into experimental (Xavier Guimard)
[2022-11-04] node-formidable 3.2.5+20221017git493ec88+~cs4.0.9-1 MIGRATED to testing (Debian testing watch)
[2022-11-01] Accepted node-formidable 3.2.5+20221017git493ec88+~cs4.0.9-1 (source) into unstable (Yadd) (signed by: Xavier Guimard)
[2022-10-12] node-formidable 3.2.4+20220822gitd285a08+~cs4.0.9-1 MIGRATED to testing (Debian testing watch)
[2022-10-09] Accepted node-formidable 3.2.4+20220822gitd285a08+~cs4.0.9-1 (source) into unstable (Yadd) (signed by: Xavier Guimard)
[2022-07-31] node-formidable 3.2.4+20220519git81dd350+~cs4.0.9-1 MIGRATED to testing (Debian testing watch)
[2022-07-26] Accepted node-formidable 3.2.4+20220519git81dd350+~cs4.0.9-1 (source) into unstable (Yadd) (signed by: Xavier Guimard)
[2022-05-04] node-formidable 3.2.3+20220426git971e3a7+~cs4.0.8-1 MIGRATED to testing (Debian testing watch)
[2022-05-02] Accepted node-formidable 3.2.3+20220426git971e3a7+~cs4.0.8-1 (source) into unstable (Yadd) (signed by: Xavier Guimard)
[2022-02-22] node-formidable 3.2.1+20220105git2815e91+~cs4.0.6-4 MIGRATED to testing (Debian testing watch)
[2022-02-20] Accepted node-formidable 3.2.1+20220105git2815e91+~cs4.0.6-4 (source) into unstable (Yadd) (signed by: Xavier Guimard)
[2022-02-20] Accepted node-formidable 3.2.1+20220105git2815e91+~cs4.0.6-3 (source) into unstable (Yadd) (signed by: Xavier Guimard)
[2022-02-19] Accepted node-formidable 1.2.1+20200129git8231ea6-2 (source) into unstable (Yadd) (signed by: Xavier Guimard)
[2022-01-27] Accepted node-formidable 3.2.1+20220105git2815e91+~cs4.0.6-2 (source) into experimental (Yadd) (signed by: Xavier Guimard)
[2022-01-09] Accepted node-formidable 3.2.1+20220105git2815e91+~cs4.0.6-1 (source) into experimental (Yadd) (signed by: Xavier Guimard)
[2020-08-01] node-formidable 1.2.1+20200129git8231ea6-1 MIGRATED to testing (Debian testing watch)
[2020-07-28] Accepted node-formidable 1.2.1+20200129git8231ea6-1 (source) into unstable (Jérémy Lal)
[2020-06-03] node-formidable 1.2.1-4 MIGRATED to testing (Debian testing watch)
[2020-06-01] Accepted node-formidable 1.2.1-4 (source) into unstable (Xavier Guimard)
[2019-08-06] node-formidable 1.2.1-3 MIGRATED to testing (Debian testing watch)
[2019-08-04] Accepted node-formidable 1.2.1-3 (source) into unstable (Xavier Guimard)
[2019-04-21] node-formidable 1.2.1-2 MIGRATED to testing (Debian testing watch)
[2019-03-28] Accepted node-formidable 1.2.1-2 (source) into unstable (Xavier Guimard)
[2019-03-14] Accepted node-formidable 1.2.1-1 (source) into unstable (Xavier Guimard)
[2013-08-24] node-formidable 1.0.13-1 MIGRATED to testing (Debian testing watch)
[2013-04-16] Accepted node-formidable 1.0.13-1 (source all) (Jérémy Lal)

bugs [bug history graph]

all: 1
RC: 0
I&N: 1
M&W: 0
F&P: 0
patch: 0

links

homepage
lintian
buildd: logs, exp, reproducibility
popcon
browse source code
other distros
security tracker
debian patches
debci

ubuntu

[Information about Ubuntu for Debian Developers]

version: 3.2.5+20221017git493ec88+~cs4.0.9-1

Debian Package Tracker — Copyright 2013-2025 The Distro Tracker Developers

Report problems to the tracker.debian.org pseudo-package in the Debian BTS.

Documentation — Bugs — Git Repository — Contributing