Register | Log in

node-node-forge

Choose email to subscribe with

general

source: node-node-forge (main)
version: 0.10.0~dfsg-3+deb11u1
maintainer: Debian Javascript Maintainers (archive) (DMD)
uploaders: Jonas Smedegaard [DMD]
arch: all
std-ver: 4.5.1
VCS: Git (Browse)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 0.10.0~dfsg-3+deb11u1

versioned links

0.10.0~dfsg-3+deb11u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

libjs-node-forge
node-node-forge

package is gone

This package is not in any development repository. This probably means that the package has been removed (or has been renamed). Thus the information here is of little interest ... the package is going to disappear unless someone takes it over and reintroduces it.

action needed

3 security issues in bullseye high

There are 3 open security issues in bullseye.

3 important issues:

CVE-2025-12816: An interpretation-conflict (CWE-436) vulnerability in node-forge versions 1.3.1 and earlier enables unauthenticated attackers to craft ASN.1 structures to desynchronize schema validations, yielding a semantic divergence that may bypass downstream cryptographic verifications and security decisions.
CVE-2025-66030: Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. An Integer Overflow vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft ASN.1 structures containing OIDs with oversized arcs. These arcs may be decoded as smaller, trusted OIDs due to 32-bit bitwise truncation, enabling the bypass of downstream OID-based security decisions. This issue has been patched in version 1.3.2.
CVE-2025-66031: Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. An Uncontrolled Recursion vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft deep ASN.1 structures that trigger unbounded recursive parsing. This leads to a Denial-of-Service (DoS) via stack exhaustion when parsing untrusted DER inputs. This issue has been patched in version 1.3.2.

Created: 2025-11-26 Last update: 2025-11-27 10:31

news

[2024-10-28] Removed 1.3.0~dfsg-1 from unstable (Debian FTP Masters)
[2022-09-05] node-node-forge REMOVED from testing (Debian testing watch)
[2022-08-20] node-node-forge 1.3.0~dfsg-1 MIGRATED to testing (Debian testing watch)
[2022-08-13] Accepted node-node-forge 0.8.1~dfsg-1+deb10u1 (source) into oldstable-proposed-updates->oldstable-new, oldstable-proposed-updates (Debian FTP Masters) (signed by: Xavier Guimard)
[2022-07-02] node-node-forge REMOVED from testing (Debian testing watch)
[2022-05-29] Accepted node-node-forge 0.10.0~dfsg-3+deb11u1 (source) into proposed-updates->stable-new, proposed-updates (Debian FTP Masters) (signed by: Xavier Guimard)
[2022-03-28] node-node-forge 1.3.0~dfsg-1 MIGRATED to testing (Debian testing watch)
[2022-03-23] Accepted node-node-forge 1.3.0~dfsg-1 (source) into unstable (Yadd) (signed by: Xavier Guimard)
[2022-02-14] node-node-forge 1.2.1~dfsg-2 MIGRATED to testing (Debian testing watch)
[2022-02-08] Accepted node-node-forge 1.2.1~dfsg-2 (source) into unstable (Jonas Smedegaard)
[2022-02-08] Accepted node-node-forge 1.2.1~dfsg-1 (source) into unstable (Jonas Smedegaard)
[2022-02-08] Accepted node-node-forge 0.10.0~dfsg-4 (source) into unstable (Jonas Smedegaard)
[2020-12-08] node-node-forge 0.10.0~dfsg-3 MIGRATED to testing (Debian testing watch)
[2020-12-02] Accepted node-node-forge 0.10.0~dfsg-3 (source) into unstable (Jonas Smedegaard)
[2020-12-02] Accepted node-node-forge 0.10.0~dfsg-2 (source) into unstable (Jonas Smedegaard)
[2020-09-19] node-node-forge 0.10.0~dfsg-1 MIGRATED to testing (Debian testing watch)
[2020-09-17] Accepted node-node-forge 0.10.0~dfsg-1 (source) into unstable (Jonas Smedegaard)
[2019-10-27] node-node-forge 0.9.1~dfsg-1 MIGRATED to testing (Debian testing watch)
[2019-10-22] Accepted node-node-forge 0.9.1~dfsg-1 (source) into unstable (Jonas Smedegaard)
[2019-09-03] node-node-forge 0.8.5~dfsg-2 MIGRATED to testing (Debian testing watch)
[2019-08-28] Accepted node-node-forge 0.8.5~dfsg-2 (source) into unstable (Jonas Smedegaard)
[2019-07-17] node-node-forge 0.8.5~dfsg-1 MIGRATED to testing (Debian testing watch)
[2019-07-15] Accepted node-node-forge 0.8.5~dfsg-1 (source) into unstable (Jonas Smedegaard)
[2019-03-09] node-node-forge 0.8.1~dfsg-1 MIGRATED to testing (Debian testing watch)
[2019-02-26] Accepted node-node-forge 0.8.1~dfsg-1 (source) into unstable (Jonas Smedegaard)
[2019-01-15] node-node-forge 0.7.6~dfsg-2 MIGRATED to testing (Debian testing watch)
[2019-01-13] Accepted node-node-forge 0.7.6~dfsg-1 (source all) into unstable, unstable (Jonas Smedegaard)
[2019-01-13] Accepted node-node-forge 0.7.6~dfsg-2 (source all) into unstable, unstable (Jonas Smedegaard)

bugs [bug history graph]

all: 0

links

homepage
buildd: logs
popcon
edit tags
security tracker
screenshots
debci

Debian Package Tracker — Copyright 2013-2025 The Distro Tracker Developers

Report problems to the tracker.debian.org pseudo-package in the Debian BTS.

Documentation — Bugs — Git Repository — Contributing