Debian Package Tracker - node-url-parse

general

source: node-url-parse (main)
version: 1.2.0-2
maintainer: Debian Javascript Maintainers (archive) [DMD]
uploaders: Thorsten Alteholz [DMD]
arch: all
std-ver: 4.3.0
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

stable: 1.0.5-2
testing: 1.2.0-1
unstable: 1.2.0-2

versioned links

1.0.5-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.2.0-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.2.0-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

node-url-parse

action needed

A new upstream version is available: 1.4.6 high

A new upstream version 1.4.6 is available, you should consider packaging it.

Created: 2018-04-08 Last update: 2019-04-19 07:09

1 security issue in buster high

There is 1 open security issue in buster.

1 important issue:

CVE-2018-3774: Incorrect parsing in url-parse <1.4.3 returns wrong hostname which leads to multiple vulnerabilities such as SSRF, Open Redirect, Bypass Authentication Protocol.

Please fix it.

Created: 2019-04-17 Last update: 2019-04-18 17:05

The package has not entered testing even though the delay is over normal

The package has not entered testing even though the 2-day delay is over. Check why.

Created: 2019-04-18 Last update: 2019-04-19 08:02

11 new commits since last upload, is it time to release? normal

vcswatch reports that this package seems to have new commits in its VCS but has not yet updated debian/changelog. You should consider updating the Debian changelog and uploading this new version into the archive.

Here are the relevant commit logs:

commit 292b03d6c4b403767738d6583e06a3b0f4d32bfc
Author: Xavier Guimard <yadd@debian.org>
Date:   Tue Apr 16 10:35:15 2019 +0200

    Typo

commit 69f1cf87cfd4504af8754efa398dd080e82d77ba
Author: Xavier Guimard <yadd@debian.org>
Date:   Tue Apr 16 10:25:14 2019 +0200

    releasing package node-url-parse version 1.2.0-2

commit a7590a9f05fce93b33643aa835ff671ecb90cc94
Author: Xavier Guimard <yadd@debian.org>
Date:   Tue Apr 16 10:20:08 2019 +0200

    Back to debhelper 9 (freeze)

commit b885c7b276585354b99489f503820091ba98bd60
Author: Xavier Guimard <yadd@debian.org>
Date:   Tue Apr 16 10:18:16 2019 +0200

    Add upstream/metadata

commit 485a21a6d6ab5d758b6399c5b13f78a15056c998
Author: Xavier Guimard <yadd@debian.org>
Date:   Tue Apr 16 10:18:06 2019 +0200

    Fix description

commit d7950d8ec1aa429decdc5acfc6e7b5aa6042849c
Author: Xavier Guimard <yadd@debian.org>
Date:   Tue Apr 16 10:14:01 2019 +0200

    Fix debian/copyright format URL

commit a07ccb89fa64803e86551ff374732f22c4bffb6a
Author: Xavier Guimard <yadd@debian.org>
Date:   Tue Apr 16 10:13:33 2019 +0200

    Fix VCS fields

commit 199b9bc6ff06023fe292d8f6ddcbf0ca4712b920
Author: Xavier Guimard <yadd@debian.org>
Date:   Tue Apr 16 10:10:24 2019 +0200

    Enable upstream tests using pkg-js-tools. This adds node-deep-eql, node-object-inspect and node-pathval in build dependencies

commit 97b27d3ce249a2d04d219f1cfeb9e8486cce929d
Author: Xavier Guimard <yadd@debian.org>
Date:   Tue Apr 16 10:09:29 2019 +0200

    Add patch to fix bad URL parsing (Closes: #906058, CVE-2018-3774)

commit 3e310b174be60cebe392976e6ec3064675286afc
Author: Xavier Guimard <yadd@debian.org>
Date:   Tue Apr 16 09:00:05 2019 +0200

    Declare compliance with policy 4.3.0

commit 4f7dff31516564b85fd6bb229b252c6314ddd320
Author: Xavier Guimard <yadd@debian.org>
Date:   Tue Apr 16 09:00:05 2019 +0200

    Bump debhelper compatibility level to 11

Created: 2019-04-16 Last update: 2019-04-18 15:10

1 ignored security issue in stretch low

There is 1 open security issue in stretch.

1 issue skipped by the security teams:

CVE-2018-3774: Incorrect parsing in url-parse <1.4.3 returns wrong hostname which leads to multiple vulnerabilities such as SSRF, Open Redirect, Bypass Authentication Protocol.

Please fix it.

Created: 2019-04-17 Last update: 2019-04-18 17:05

testing migrations

excuses:
- 3 days old (2 needed)
- node-url-parse/armel unsatisfiable Depends: nodejs
- Piuparts tested OK - https://piuparts.debian.org/sid/source/n/node-url-parse.html
- Required age reduced by 3 days because of autopkgtest
- Checking build-dependency on amd64
- Not touching package due to block request by freeze (please contact debian-release if update is needed)
- Not considered

news

[rss feed]

[2019-04-16] Accepted node-url-parse 1.2.0-2 (source) into unstable (Xavier Guimard)
[2018-01-08] node-url-parse 1.2.0-1 MIGRATED to testing (Debian testing watch)
[2018-01-02] Accepted node-url-parse 1.2.0-1 (source) into unstable (Pirate Praveen) (signed by: Praveen Arimbrathodiyil)
[2016-02-20] node-url-parse 1.0.5-2 MIGRATED to testing (Debian testing watch)
[2016-02-14] Accepted node-url-parse 1.0.5-2 (source all) into unstable (Thorsten Alteholz)
[2016-02-13] node-url-parse 1.0.5-1 MIGRATED to testing (Debian testing watch)
[2016-02-07] Accepted node-url-parse 1.0.5-1 (source all) into unstable (Thorsten Alteholz)
[2015-09-06] Accepted node-url-parse 1.0.2-1 (source all) into unstable, unstable (Thorsten Alteholz)

bugs [bug history graph]

all: 0

links

homepage
lintian
buildd: logs, clang, reproducibility
popcon
debci
browse source code
edit tags
security tracker
screenshots

ubuntu

[Information about Ubuntu for Debian Developers]

version: 1.2.0-1