Debian Package Tracker
Register | Log in
Subscribe

iotjs

Javascript Framework for Internet of Things

Choose email to subscribe with

general
  • source: iotjs (main)
  • version: 1.0+715-1
  • maintainer: Debian Javascript Maintainers (archive) (DMD)
  • uploaders: Philippe Coval [DMD]
  • arch: any
  • std-ver: 4.5.0
  • VCS: Git (Browse, QA)
versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]
[pool directory]
  • stable: 1.0-1
  • testing: 1.0+715-1
  • unstable: 1.0+715-1
versioned links
  • 1.0-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 1.0+715-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
binaries
  • iotjs
  • iotjs-dev
action needed
Failed to analyze the VCS repository. Please troubleshoot and fix the issue. high
vcswatch reports that there is an error with this package's VCS, or the debian/changelog file inside it. Please check the error shown below and try to fix it. You might have to update the VCS URL in the debian/control file to point to the correct repository.

fatal: unable to update url base from redirection: asked for: https://salsa.debian.org/js-team/iotjs.git#debian/master/info/refs?service=git-upload-pack redirect: https://salsa.debian.org/users/sign_in
Created: 2020-07-29 Last update: 2021-01-16 14:34
1 security issue in sid high
There is 1 open security issue in sid.
1 important issue:
  • CVE-2020-24344: JerryScript through 2.3.0 has a (function({a=arguments}){const arguments}) buffer over-read.
Please fix it.
Created: 2020-12-13 Last update: 2021-01-09 12:30
1 security issue in bullseye high
There is 1 open security issue in bullseye.
1 important issue:
  • CVE-2020-24344: JerryScript through 2.3.0 has a (function({a=arguments}){const arguments}) buffer over-read.
Please fix it.
Created: 2020-12-13 Last update: 2021-01-09 12:30
Multiarch hinter reports 1 issue(s) normal
There are issues with the multiarch metadata for this package.
  • iotjs-dev could be marked Multi-Arch: same
Created: 2020-10-21 Last update: 2021-01-22 07:02
8 ignored security issues in buster low
There are 8 open security issues in buster.
8 issues skipped by the security teams:
  • CVE-2017-14749: JerryScript 1.0 allows remote attackers to cause a denial of service (jmem_heap_alloc_block_internal heap memory corruption) or possibly execute arbitrary code via a crafted .js file, because unrecognized \ characters cause incorrect 0x00 characters in bytecode.literal data.
  • CVE-2017-18212: An issue was discovered in JerryScript 1.0. There is a heap-based buffer over-read in the lit_read_code_unit_from_hex function in lit/lit-char-helpers.c via a RegExp("[\x0"); payload.
  • CVE-2018-1000636: JerryScript version Tested on commit f86d7459d195c8ba58479d1861b0cc726c8b3793. Analysing history it seems that the issue has been present since commit 64a340ffeb8809b2b66bbe32fd443a8b79fdd860 contains a CWE-476: NULL Pointer Dereference vulnerability in Triggering undefined behavior at jerry-core/ecma/builtin-objects/typedarray/ecma-builtin-typedarray-prototype.c:598 (passing NULL to memcpy as 2nd argument) results in null pointer dereference (segfault) at jerry-core/jmem/jmem-heap.c:463 that can result in Crash due to segmentation fault. This attack appear to be exploitable via The victim must execute specially crafted javascript code. This vulnerability appears to have been fixed in after commit 87897849f6879df10e8ad68a41bf8cf507edf710.
  • CVE-2018-11418: An issue was discovered in JerryScript 1.0. There is a heap-based buffer over-read in the lit_read_code_unit_from_utf8 function via a RegExp("[\\u0020") payload, related to re_parse_char_class in parser/regexp/re-parser.c.
  • CVE-2018-11419: An issue was discovered in JerryScript 1.0. There is a heap-based buffer over-read in the lit_read_code_unit_from_hex function via a RegExp("[\\u0") payload, related to re_parse_char_class in parser/regexp/re-parser.c.
  • CVE-2019-1010176: JerryScript commit 4e58ccf68070671e1fff5cd6673f0c1d5b80b166 is affected by: Buffer Overflow. The impact is: denial of service and possibly arbitrary code execution. The component is: function lit_char_to_utf8_bytes (jerry-core/lit/lit-char-helpers.c:377). The attack vector is: executing crafted javascript code. The fixed version is: after commit 505dace719aebb3308a3af223cfaa985159efae0.
  • CVE-2020-13649: parser/js/js-scanner.c in JerryScript 2.2.0 mishandles errors during certain out-of-memory conditions, as demonstrated by a scanner_reverse_info_list NULL pointer dereference and a scanner_scan_all assertion failure.
  • CVE-2020-24344: JerryScript through 2.3.0 has a (function({a=arguments}){const arguments}) buffer over-read.
Please fix them.
Created: 2020-12-13 Last update: 2021-01-09 12:30
Build log checks report 2 warnings low
Build log checks report 2 warnings
Created: 2018-03-15 Last update: 2020-10-21 05:20
Standards version of the package is outdated. wishlist
The package should be updated to follow the last version of Debian Policy (Standards-Version 4.5.1 instead of 4.5.0).
Created: 2020-11-17 Last update: 2020-11-17 05:41
news
[rss feed]
  • [2020-10-26] iotjs 1.0+715-1 MIGRATED to testing (Debian testing watch)
  • [2020-10-26] iotjs 1.0+715-1 MIGRATED to testing (Debian testing watch)
  • [2020-10-20] Accepted iotjs 1.0+715-1 (source) into unstable (Philippe Coval) (signed by: Xavier Guimard)
  • [2020-08-04] iotjs 1.0-2 MIGRATED to testing (Debian testing watch)
  • [2020-07-29] Accepted iotjs 1.0-2 (source) into unstable (Philippe Coval) (signed by: Bart Martens)
  • [2018-03-25] iotjs 1.0-1 MIGRATED to testing (Debian testing watch)
bugs [bug history graph]
  • all: 2
  • RC: 0
  • I&N: 0
  • M&W: 1
  • F&P: 1
  • patch: 0
links
  • homepage
  • buildd: logs, checks, clang, reproducibility, cross
  • popcon
  • browse source code
  • edit tags
  • other distros
  • security tracker
  • screenshots
ubuntu Ubuntu logo [Information about Ubuntu for Debian Developers]
  • version: 1.0-2

Debian Package Tracker — Copyright 2013-2018 The Distro Tracker Developers
Report problems to the tracker.debian.org pseudo-package in the Debian BTS.
Documentation — Bugs — Git Repository — Contributing