node-katex - Debian Package Tracker

general

source: node-katex (main)
version: 0.16.10+~cs6.1.0-2
maintainer: Debian Javascript Maintainers (archive) (DMD)
uploaders: Pirate Praveen [DMD]
arch: all
std-ver: 4.6.2
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

oldstable: 0.10.2+dfsg-8
stable: 0.16.4+~cs6.1.0-1
testing: 0.16.10+~cs6.1.0-2
unstable: 0.16.10+~cs6.1.0-2

versioned links

0.10.2+dfsg-8: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
0.16.4+~cs6.1.0-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
0.16.10+~cs6.1.0-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

fonts-katex
katex (2 bugs: 0, 1, 1, 0)
libjs-katex

action needed

A new upstream version is available: 0.16.11+~cs6.1.0 high

A new upstream version 0.16.11+~cs6.1.0 is available, you should consider packaging it.

Created: 2024-07-05 Last update: 2024-11-21 14:03

1 bug tagged patch in the BTS normal

The BTS contains patches fixing 1 bug, consider including or untagging them.

Created: 2024-02-25 Last update: 2024-11-21 15:31

lintian reports 2 warnings normal

Lintian reports 2 warnings about this package. You should make the package lintian clean getting rid of them.

Created: 2024-03-27 Last update: 2024-03-27 22:35

4 low-priority security issues in bookworm low

There are 4 open security issues in bookworm.

4 issues left for the package maintainer to handle:

CVE-2024-28243: (needs triaging) KaTeX is a JavaScript library for TeX math rendering on the web. KaTeX users who render untrusted mathematical expressions could encounter malicious input using `\edef` that causes a near-infinite loop, despite setting `maxExpand` to avoid such loops. This can be used as an availability attack, where e.g. a client rendering another user's KaTeX input will be unable to use the site due to memory overflow, tying up the main thread, or stack overflow. Upgrade to KaTeX v0.16.10 to remove this vulnerability.
CVE-2024-28244: (needs triaging) KaTeX is a JavaScript library for TeX math rendering on the web. KaTeX users who render untrusted mathematical expressions could encounter malicious input using `\def` or `\newcommand` that causes a near-infinite loop, despite setting `maxExpand` to avoid such loops. KaTeX supports an option named maxExpand which aims to prevent infinitely recursive macros from consuming all available memory and/or triggering a stack overflow error. Unfortunately, support for "Unicode (sub|super)script characters" allows an attacker to bypass this limit. Each sub/superscript group instantiated a separate Parser with its own limit on macro executions, without inheriting the current count of macro executions from its parent. This has been corrected in KaTeX v0.16.10.
CVE-2024-28245: (needs triaging) KaTeX is a JavaScript library for TeX math rendering on the web. KaTeX users who render untrusted mathematical expressions could encounter malicious input using `\includegraphics` that runs arbitrary JavaScript, or generate invalid HTML. Upgrade to KaTeX v0.16.10 to remove this vulnerability.
CVE-2024-28246: (needs triaging) KaTeX is a JavaScript library for TeX math rendering on the web. Code that uses KaTeX's `trust` option, specifically that provides a function to blacklist certain URL protocols, can be fooled by URLs in malicious inputs that use uppercase characters in the protocol. In particular, this can allow for malicious input to generate `javascript:` links in the output, even if the `trust` function tries to forbid this protocol via `trust: (context) => context.protocol !== 'javascript'`. Upgrade to KaTeX v0.16.10 to remove this vulnerability.

You can find information about how to handle these issues in the security team's documentation.

Created: 2024-03-25 Last update: 2024-08-15 08:30

debian/patches: 6 patches to forward upstream low

Among the 8 debian patches available in version 0.16.10+~cs6.1.0-2 of the package, we noticed the following issues:

6 patches where the metadata indicates that the patch has not yet been forwarded upstream. You should either forward the patch upstream or update the metadata to document its real status.

Created: 2023-02-26 Last update: 2024-03-27 22:15

Standards version of the package is outdated. wishlist

The package should be updated to follow the last version of Debian Policy (Standards-Version 4.7.0 instead of 4.6.2).

Created: 2024-04-07 Last update: 2024-04-07 13:14

news

[rss feed]

[2024-03-29] node-katex 0.16.10+~cs6.1.0-2 MIGRATED to testing (Debian testing watch)
[2024-03-27] Accepted node-katex 0.16.10+~cs6.1.0-2 (source) into unstable (Yadd) (signed by: Xavier Guimard)
[2024-03-27] Accepted node-katex 0.16.10+~cs6.1.0-1 (source) into unstable (Yadd) (signed by: Xavier Guimard)
[2022-12-12] node-katex 0.16.4+~cs6.1.0-1 MIGRATED to testing (Debian testing watch)
[2022-12-09] Accepted node-katex 0.16.4+~cs6.1.0-1 (source) into unstable (Yadd) (signed by: Xavier Guimard)
[2022-11-29] node-katex 0.16.3+~cs6.1.0-1 MIGRATED to testing (Debian testing watch)
[2022-11-26] Accepted node-katex 0.16.3+~cs6.1.0-1 (source) into unstable (Yadd) (signed by: Xavier Guimard)
[2022-10-30] node-katex 0.16.2+~cs6.1.0-5 MIGRATED to testing (Debian testing watch)
[2022-10-28] Accepted node-katex 0.16.2+~cs6.1.0-5 (source) into unstable (Yadd) (signed by: Xavier Guimard)
[2022-09-21] node-katex 0.16.2+~cs6.1.0-4 MIGRATED to testing (Debian testing watch)
[2022-09-18] Accepted node-katex 0.16.2+~cs6.1.0-4 (source) into unstable (Yadd) (signed by: Xavier Guimard)
[2022-09-18] Accepted node-katex 0.16.2+~cs6.1.0-3 (source) into unstable (Yadd) (signed by: Xavier Guimard)
[2022-09-06] node-katex 0.16.2+~cs6.1.0-2 MIGRATED to testing (Debian testing watch)
[2022-09-04] Accepted node-katex 0.16.2+~cs6.1.0-2 (source) into unstable (Yadd) (signed by: Xavier Guimard)
[2022-09-04] Accepted node-katex 0.16.2+~cs6.1.0-1 (source) into experimental (Yadd) (signed by: Xavier Guimard)
[2022-03-19] node-katex 0.13.11+~cs6.0.0-3 MIGRATED to testing (Debian testing watch)
[2022-03-19] node-katex 0.13.11+~cs6.0.0-3 MIGRATED to testing (Debian testing watch)
[2022-03-17] Accepted node-katex 0.13.11+~cs6.0.0-3 (source) into unstable (Yadd) (signed by: Xavier Guimard)
[2022-02-13] node-katex 0.13.11+~cs6.0.0-2 MIGRATED to testing (Debian testing watch)
[2022-02-08] Accepted node-katex 0.13.11+~cs6.0.0-2 (source) into unstable (Pirate Praveen) (signed by: Praveen Arimbrathodiyil)
[2022-01-21] Accepted node-katex 0.13.11+~cs6.0.0-1 (source) into experimental (Pirate Praveen) (signed by: Praveen Arimbrathodiyil)
[2022-01-19] node-katex 0.10.2+dfsg-10 MIGRATED to testing (Debian testing watch)
[2022-01-13] Accepted node-katex 0.10.2+dfsg-10 (source) into unstable (Jonas Smedegaard)
[2022-01-03] node-katex 0.10.2+dfsg-9 MIGRATED to testing (Debian testing watch)
[2021-12-28] Accepted node-katex 0.10.2+dfsg-9 (source) into unstable (Yadd) (signed by: Xavier Guimard)
[2021-01-20] Accepted node-katex 0.10.2+dfsg-8~bpo10+1 (source all) into buster-backports (Pirate Praveen) (signed by: Praveen Arimbrathodiyil)
[2021-01-18] node-katex 0.10.2+dfsg-8 MIGRATED to testing (Debian testing watch)
[2021-01-18] node-katex 0.10.2+dfsg-8 MIGRATED to testing (Debian testing watch)
[2021-01-13] Accepted node-katex 0.10.2+dfsg-8 (source) into unstable (Pirate Praveen) (signed by: Praveen Arimbrathodiyil)
[2021-01-12] Accepted node-katex 0.10.2+dfsg-7 (source) into unstable (Xavier Guimard)

bugs [bug history graph]

all: 6
RC: 0
I&N: 3
M&W: 3
F&P: 0
patch: 1

links

homepage
lintian (0, 2)
buildd: logs, reproducibility
popcon
browse source code
edit tags
other distros
security tracker
screenshots
debian patches
debci

ubuntu

[Information about Ubuntu for Debian Developers]

version: 0.16.10+~cs6.1.0-2