Debian Package Tracker

general

source: nodejs (main)
version: 10.17.0~dfsg-2
maintainer: Debian Javascript Maintainers (archive) (DMD)
uploaders: Jérémy Lal [DMD] – Jonas Smedegaard [DMD]
arch: all amd64 arm64 armhf i386 kfreebsd-amd64 kfreebsd-i386 mips mips64el mipsel ppc64 ppc64el s390x
std-ver: 4.3.0
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 0.10.29~dfsg-2
oldstable: 4.8.2~dfsg-1
old-bpo: 8.11.1~dfsg-2~bpo9+1
stable: 10.15.2~dfsg-2
testing: 10.17.0~dfsg-2
unstable: 10.17.0~dfsg-2
exp: 12.13.1~dfsg-1

versioned links

0.10.29~dfsg-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
4.8.2~dfsg-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
8.11.1~dfsg-2~bpo9+1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
10.15.2~dfsg-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
10.15.3~dfsg-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
10.17.0~dfsg-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
12.13.1~dfsg-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

libnode-dev (1 bugs: 1, 0, 0, 0)
libnode64
nodejs (8 bugs: 1, 7, 0, 0)
nodejs-doc

action needed

Debci reports failed tests high

unstable: pass (log)
The tests ran in 0:45:51
Last run: 2020-02-21 01:22:57 UTC
Previous status: pass

testing: pass (log)
The tests ran in 0:45:55
Last run: 2020-02-17 06:03:15 UTC
Previous status: pass

stable: fail (log)
The tests ran in 0:33:00
Last run: 2019-10-06 04:37:20 UTC
Previous status: fail

Created: 2019-09-13 Last update: 2020-02-23 00:36

A new upstream version is available: 10.19.0 high

A new upstream version 10.19.0 is available, you should consider packaging it.

Created: 2019-12-20 Last update: 2020-02-22 23:05

6 security issues in buster high

There are 6 open security issues in buster.

6 important issues:

CVE-2019-15604: Improper Certificate Validation in Node.js 10, 12, and 13 causes the process to abort when sending a crafted X.509 certificate
CVE-2019-15605: HTTP request smuggling in Node.js 10, 12, and 13 causes malicious payload delivery when transfer-encoding is malformed
CVE-2019-15606: Including trailing white space in HTTP header values in Nodejs 10, 12, and 13 causes bypass of authorization based on header value comparisons
CVE-2019-9514: Some HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a denial of service. The attacker opens a number of streams and sends an invalid request over each stream that should solicit a stream of RST_STREAM frames from the peer. Depending on how the peer queues the RST_STREAM frames, this can consume excess memory, CPU, or both.
CVE-2019-9513: Some HTTP/2 implementations are vulnerable to resource loops, potentially leading to a denial of service. The attacker creates multiple request streams and continually shuffles the priority of the streams in a way that causes substantial churn to the priority tree. This can consume excess CPU.
CVE-2019-9511: Some HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service. The attacker requests a large amount of data from a specified resource over multiple streams. They manipulate window size and stream priority to force the server to queue the data in 1-byte chunks. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both.

Please fix them.

Created: 2019-08-16 Last update: 2020-02-22 16:51

3 security issues in bullseye high

There are 3 open security issues in bullseye.

3 important issues:

CVE-2019-15604: Improper Certificate Validation in Node.js 10, 12, and 13 causes the process to abort when sending a crafted X.509 certificate
CVE-2019-15605: HTTP request smuggling in Node.js 10, 12, and 13 causes malicious payload delivery when transfer-encoding is malformed
CVE-2019-15606: Including trailing white space in HTTP header values in Nodejs 10, 12, and 13 causes bypass of authorization based on header value comparisons

Please fix them.

Created: 2020-02-08 Last update: 2020-02-22 16:51

3 security issues in sid high

There are 3 open security issues in sid.

3 important issues:

CVE-2019-15604: Improper Certificate Validation in Node.js 10, 12, and 13 causes the process to abort when sending a crafted X.509 certificate
CVE-2019-15605: HTTP request smuggling in Node.js 10, 12, and 13 causes malicious payload delivery when transfer-encoding is malformed
CVE-2019-15606: Including trailing white space in HTTP header values in Nodejs 10, 12, and 13 causes bypass of authorization based on header value comparisons

Please fix them.

Created: 2020-02-08 Last update: 2020-02-22 16:51

3 security issues in stretch high

There are 3 open security issues in stretch.

3 important issues:

CVE-2019-15604: Improper Certificate Validation in Node.js 10, 12, and 13 causes the process to abort when sending a crafted X.509 certificate
CVE-2019-15605: HTTP request smuggling in Node.js 10, 12, and 13 causes malicious payload delivery when transfer-encoding is malformed
CVE-2019-15606: Including trailing white space in HTTP header values in Nodejs 10, 12, and 13 causes bypass of authorization based on header value comparisons

Please fix them.

Created: 2020-02-08 Last update: 2020-02-22 16:51

2 bugs tagged patch in the BTS normal

The BTS contains patches fixing 2 bugs, consider including or untagging them.

Created: 2020-02-18 Last update: 2020-02-23 00:31

Fails to build during reproducibility testing normal

A package building reproducibly enables third parties to verify that the source matches the distributed binaries. It has been identified that this source package produced different results, failed to build or had other issues in a test environment. Please read about how to improve the situation!

Created: 2020-01-25 Last update: 2020-02-22 23:34

version in VCS is newer than in repository, is it time to upload? normal

vcswatch reports that this package seems to have a new changelog entry (version 12.13.1~dfsg-2, distribution UNRELEASED) and new commits in its VCS. You should consider whether it's time to make an upload.

Here are the relevant commit messages:

commit f6118c491965ed83e0f98f50f4a70f404406a976
Merge: 1cb31827f 97bbc888b
Author: Jérémy Lal <kapouer@debian.org>
Date:   Sun Feb 9 18:19:48 2020 +0000

    Merge branch 'dh' into 'master'
    
    Switch build to debhelper
    
    See merge request js-team/nodejs!1

commit 97bbc888b1cef91ffb68e9d21062f9b7f311fcaa
Author: Xavier Guimard <yadd@debian.org>
Date:   Sun Feb 9 17:10:34 2020 +0100

    Switch to dh, Bump debhelper compatibility level to 12

commit 8952316e361debf8bc5a9624e95f25a9d4991c63
Author: Xavier Guimard <yadd@debian.org>
Date:   Sun Feb 9 17:09:44 2020 +0100

    Disable test-release-npm test

commit 2893f5c12de1f40e774480ea96c175d2ef24718a
Author: Xavier Guimard <yadd@debian.org>
Date:   Sat Feb 8 08:05:55 2020 +0100

    Add upstream/metadata

commit 1cb31827fd16f182d09fa5abff3a1e3618b7c69f
Author: Jérémy Lal <kapouer@melix.org>
Date:   Sat Nov 23 11:40:22 2019 +0100

    Update changelog

commit abd3f0192bfba43873b7b027d243389bd39e3df6
Author: Jérémy Lal <kapouer@melix.org>
Date:   Sat Nov 23 11:39:39 2019 +0100

    Simplify and tighten lintian overrides

commit aae710d2404caee65b0246180840063ef024ed6e
Author: Jérémy Lal <kapouer@melix.org>
Date:   Sat Nov 23 10:59:14 2019 +0100

    Revert "Override any source-is-missing - workaround pattern issues"
    
    Lintian 2.38.0 fixes the issue
    This reverts commit 2df999bd129c4e3fc64410b055bff93df493b03d.

Created: 2019-11-27 Last update: 2020-02-20 14:04

Build log checks report 2 warnings low

Build log checks report 2 warnings

Created: 2019-01-06 Last update: 2019-09-12 08:11

Standards version of the package is outdated. wishlist

The package should be updated to follow the last version of Debian Policy (Standards-Version 4.5.0 instead of 4.3.0).

Created: 2019-07-08 Last update: 2020-01-21 05:06

testing migrations

This package will soon be part of the auto-icu transition. You might want to ensure that your package is ready for it. You can probably find supplementary information in the debian-release archives or in the corresponding release.debian.org bug.
This package will soon be part of the auto-nodejs transition. You might want to ensure that your package is ready for it. You can probably find supplementary information in the debian-release archives or in the corresponding release.debian.org bug.

news

[rss feed]

[2019-11-19] Accepted nodejs 12.13.1~dfsg-1 (source) into experimental (Jérémy Lal)
[2019-11-01] Accepted nodejs 12.13.0~dfsg-1 (source) into experimental (Jérémy Lal)
[2019-10-31] nodejs 10.17.0~dfsg-2 MIGRATED to testing (Debian testing watch)
[2019-10-25] Accepted nodejs 10.17.0~dfsg-2 (source) into unstable (Jérémy Lal)
[2019-10-23] Accepted nodejs 10.17.0~dfsg-1 (source) into unstable (Jérémy Lal)
[2019-09-16] Accepted nodejs 12.10.0~dfsg-2 (source) into experimental (Jérémy Lal)
[2019-09-11] Accepted nodejs 12.10.0~dfsg-1 (source) into experimental (Jérémy Lal)
[2019-09-11] Accepted nodejs 10.16.3~dfsg-1 (source) into unstable (Jérémy Lal)
[2019-08-08] Accepted nodejs 12.8.0~dfsg-2 (source) into experimental (Jérémy Lal)
[2019-08-08] Accepted nodejs 12.8.0~dfsg-1 (source) into experimental (Jérémy Lal)
[2019-08-03] Accepted nodejs 12.7.0~dfsg-1 (source) into experimental (Jérémy Lal)
[2019-05-07] Accepted nodejs 12.1.0~dfsg-1 (source amd64 all) into experimental, experimental (Jérémy Lal)
[2019-04-17] nodejs 10.15.2~dfsg-2 MIGRATED to testing (Debian testing watch)
[2019-04-14] Accepted nodejs 10.15.2~dfsg-2 (source) into unstable (Jérémy Lal)
[2019-03-11] Accepted nodejs 10.15.3~dfsg-1 (source) into experimental (Jérémy Lal)
[2019-03-11] nodejs 10.15.2~dfsg-1 MIGRATED to testing (Debian testing watch)
[2019-02-28] Accepted nodejs 10.15.2~dfsg-1 (source) into unstable (Jérémy Lal)
[2019-02-11] nodejs 10.15.1~dfsg-5 MIGRATED to testing (Debian testing watch)
[2019-02-09] Accepted nodejs 10.15.1~dfsg-5 (source) into unstable (Jérémy Lal)
[2019-02-08] Accepted nodejs 10.15.1~dfsg-4 (source) into experimental (Jérémy Lal)
[2019-02-08] Accepted nodejs 10.15.1~dfsg-3 (source) into experimental (Jérémy Lal)
[2019-02-04] nodejs 10.15.1~dfsg-2 MIGRATED to testing (Debian testing watch)
[2019-02-01] Accepted nodejs 10.15.1~dfsg-2 (source) into unstable (Jérémy Lal)
[2019-01-31] Accepted nodejs 10.15.1~dfsg-1 (source) into experimental (Jérémy Lal)
[2019-01-31] nodejs 10.15.0~dfsg-10 MIGRATED to testing (Debian testing watch)
[2019-01-25] Accepted nodejs 10.15.0~dfsg-10 (source) into unstable (Jérémy Lal)
[2019-01-21] Accepted nodejs 10.15.0~dfsg-9 (source) into unstable (Jérémy Lal)
[2019-01-06] Accepted nodejs 10.15.0~dfsg-8 (source) into unstable (Jérémy Lal)
[2019-01-05] Accepted nodejs 10.15.0~dfsg-7 (source) into unstable (Jérémy Lal)
[2019-01-01] Accepted nodejs 10.15.0~dfsg-6 (source) into unstable (Jérémy Lal)

bugs [bug history graph]

all: 14
RC: 2
I&N: 12
M&W: 0
F&P: 0
patch: 2

links

homepage
buildd: logs, exp, checks, clang, reproducibility, cross
popcon
browse source code
edit tags
security tracker
screenshots
debci

ubuntu

[Information about Ubuntu for Debian Developers]

version: 10.15.2~dfsg-2ubuntu1
30 bugs
patches for 10.15.2~dfsg-2ubuntu1