cryptojs - Debian Package Tracker

general

source: cryptojs (main)
version: 3.1.2+dfsg-4
maintainer: Laszlo Boszormenyi (GCS) (DMD)
arch: all
std-ver: 4.6.2
VCS: unknown

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 3.1.2+dfsg-3
oldstable: 3.1.2+dfsg-3
unstable: 3.1.2+dfsg-4

versioned links

3.1.2+dfsg-3: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
3.1.2+dfsg-4: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

libjs-cryptojs (2 bugs: 0, 2, 0, 0)

action needed

A new upstream version is available: 4.2.0 high

A new upstream version 4.2.0 is available, you should consider packaging it.

Created: 2025-11-26 Last update: 2025-12-05 08:00

The package has not entered testing even though the delay is over normal

The package has not entered testing even though the 5-day delay is over. Check why.

Created: 2023-12-15 Last update: 2025-12-05 07:31

RM: This package has been requested to be removed. normal

This package has been requested to be removed. This means that, when this request gets processed by an ftp-master, this package will no longer be in unstable, and will automatically be removed from testing too afterwards. If for some reason you want keep this package in unstable, please discuss so in the bug. Please see bug number #1116676 for more information.

Created: 2025-11-26 Last update: 2025-11-26 08:30

Multiarch hinter reports 1 issue(s) low

There are issues with the multiarch metadata for this package.

libjs-cryptojs could be marked Multi-Arch: foreign

Created: 2016-09-14 Last update: 2025-12-05 05:30

1 low-priority security issue in bookworm low

There is 1 open security issue in bookworm.

1 issue left for the package maintainer to handle:

CVE-2023-46233: (needs triaging) crypto-js is a JavaScript library of crypto standards. Prior to version 4.2.0, crypto-js PBKDF2 is 1,000 times weaker than originally specified in 1993, and at least 1,300,000 times weaker than current industry standard. This is because it both defaults to SHA1, a cryptographic hash algorithm considered insecure since at least 2005, and defaults to one single iteration, a 'strength' or 'difficulty' value specified at 1,000 when specified in 1993. PBKDF2 relies on iteration count as a countermeasure to preimage and collision attacks. If used to protect passwords, the impact is high. If used to generate signatures, the impact is high. Version 4.2.0 contains a patch for this issue. As a workaround, configure crypto-js to use SHA256 with at least 250,000 iterations.

You can find information about how to handle this issue in the security team's documentation.

Created: 2023-10-27 Last update: 2025-08-10 06:32

Standards version of the package is outdated. wishlist

The package should be updated to follow the last version of Debian Policy (Standards-Version 4.7.2 instead of 4.6.2).

Created: 2024-04-07 Last update: 2025-02-27 13:25

testing migrations

excuses:
- Migration status for cryptojs (- to 3.1.2+dfsg-4): BLOCKED: Rejected/violates migration policy/introduces a regression
- Issues preventing migration:
- ∙ ∙ Updating cryptojs would introduce bugs in testing: #1056014
- Additional info (not blocking):
- ∙ ∙ Piuparts tested OK - https://piuparts.debian.org/sid/source/c/cryptojs.html
- ∙ ∙ Reproducible on amd64 - info ♻
- ∙ ∙ Reproducible on arm64 - info ♻
- ∙ ∙ 749 days old (needed 5 days)
- Not considered

news

[rss feed]

[2023-12-16] cryptojs REMOVED from testing (Debian testing watch)
[2023-11-27] Accepted cryptojs 3.1.2+dfsg-2+deb10u1 (source) into oldoldstable (Guilhem Moulin)
[2023-11-19] cryptojs 3.1.2+dfsg-4 MIGRATED to testing (Debian testing watch)
[2023-11-16] Accepted cryptojs 3.1.2+dfsg-4 (source) into unstable (Laszlo Boszormenyi (GCS)) (signed by: Laszlo Boszormenyi)
[2021-01-21] cryptojs 3.1.2+dfsg-3 MIGRATED to testing (Debian testing watch)
[2021-01-16] Accepted cryptojs 3.1.2+dfsg-3 (source) into unstable (Laszlo Boszormenyi (GCS)) (signed by: Laszlo Boszormenyi)
[2021-01-12] cryptojs 3.1.2+dfsg-2.1 MIGRATED to testing (Debian testing watch)
[2021-01-06] Accepted cryptojs 3.1.2+dfsg-2.1 (source) into unstable (Holger Levsen)
[2015-10-25] cryptojs 3.1.2+dfsg-2 MIGRATED to testing (Britney)
[2015-10-14] Accepted cryptojs 3.1.2+dfsg-2 (source all) into unstable (Laszlo Boszormenyi (GCS)) (signed by: Laszlo Boszormenyi)
[2015-04-27] cryptojs 3.1.2+dfsg-1 MIGRATED to testing (Britney)
[2014-12-08] Accepted cryptojs 3.1.2+dfsg-1 (source all) into unstable, unstable (Laszlo Boszormenyi (GCS)) (signed by: Laszlo Boszormenyi)

bugs [bug history graph]

all: 3
RC: 1
I&N: 2
M&W: 0
F&P: 0
patch: 0

links

homepage
lintian
buildd: logs
popcon
browse source code
edit tags
other distros
security tracker
debian patches