Debian Package Tracker
Register | Log in
Subscribe

nodejs

evented I/O for V8 javascript - runtime executable

Choose email to subscribe with

general
  • source: nodejs (main)
  • version: 12.20.1~dfsg-3
  • maintainer: Debian Javascript Maintainers (archive) (DMD)
  • uploaders: Jérémy Lal [DMD] – Jonas Smedegaard [DMD]
  • arch: all amd64 arm64 armhf i386 kfreebsd-amd64 kfreebsd-i386 mips mips64el mipsel ppc64 ppc64el s390x
  • std-ver: 4.5.0
  • VCS: Git (Browse, QA)
versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]
[pool directory]
  • o-o-stable: 0.10.29~dfsg-2
  • oldstable: 4.8.2~dfsg-1
  • old-bpo: 8.11.1~dfsg-2~bpo9+1
  • stable: 10.21.0~dfsg-1~deb10u1
  • stable-sec: 10.23.1~dfsg-1~deb10u1
  • testing: 12.20.1~dfsg-3
  • unstable: 12.20.1~dfsg-3
  • exp: 14.13.0~dfsg-1
versioned links
  • 0.10.29~dfsg-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 4.8.2~dfsg-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 8.11.1~dfsg-2~bpo9+1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 10.21.0~dfsg-1~deb10u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 10.23.1~dfsg-1~deb10u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 12.20.1~dfsg-3: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 14.13.0~dfsg-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
binaries
  • libnode-dev
  • libnode72
  • nodejs (10 bugs: 0, 9, 1, 0)
  • nodejs-doc
action needed
Debci reports failed tests high
  • unstable: pass (log)
    The tests ran in 0:46:21
    Last run: 2020-06-09 06:19:00 UTC
    Previous status: pass

  • testing: pass (log)
    The tests ran in 0:06:31
    Last run: 2021-01-14 22:26:48 UTC
    Previous status: pass

  • stable: fail (log)
    The tests ran in 0:32:38
    Last run: 2020-04-26 15:09:54 UTC
    Previous status: fail

Created: 2019-09-13 Last update: 2021-01-18 16:07
lintian reports 2 errors and 5 warnings high
Lintian reports 2 errors and 5 warnings about this package. You should make the package lintian clean getting rid of them.
Created: 2020-09-21 Last update: 2020-10-22 04:33
2 bugs tagged patch in the BTS normal
The BTS contains patches fixing 2 bugs, consider including or untagging them.
Created: 2020-10-19 Last update: 2021-01-18 16:02
3 new commits since last upload, is it time to release? normal
vcswatch reports that this package seems to have new commits in its VCS but has not yet updated debian/changelog. You should consider updating the Debian changelog and uploading this new version into the archive.

Here are the relevant commit logs:
commit a61aab52887054e1cbf3b89e0d518e4b6dd76100
Author: Jérémy Lal <kapouer@melix.org>
Date:   Sun Oct 18 14:41:27 2020 +0200

    New upstream version 14.14.0~dfsg

commit 9f20184e62ccdf9076ea0e454a601afab8bd6fa1
Merge: 5911278dc c2dc1b2da
Author: Jérémy Lal <kapouer@debian.org>
Date:   Tue Dec 1 10:54:37 2020 +0000

    Merge branch 'embed-types-14' into 'master'
    
    Embed @types/node 14
    
    See merge request js-team/nodejs!5

commit c2dc1b2daa881a3f66d9baeddbba38a16ff4ff62
Author: Xavier Guimard <yadd@debian.org>
Date:   Tue Dec 1 11:09:07 2020 +0100

    Embed @types/node 14
Created: 2020-12-08 Last update: 2021-01-14 17:37
7 ignored security issues in stretch low
There are 7 open security issues in stretch.
7 issues skipped by the security teams:
  • CVE-2019-15604: Improper Certificate Validation in Node.js 10, 12, and 13 causes the process to abort when sending a crafted X.509 certificate
  • CVE-2019-15605: HTTP request smuggling in Node.js 10, 12, and 13 causes malicious payload delivery when transfer-encoding is malformed
  • CVE-2019-15606: Including trailing white space in HTTP header values in Nodejs 10, 12, and 13 causes bypass of authorization based on header value comparisons
  • CVE-2020-11080: In nghttp2 before version 1.41.0, the overly large HTTP/2 SETTINGS frame payload causes denial of service. The proof of concept attack involves a malicious client constructing a SETTINGS frame with a length of 14,400 bytes (2400 individual settings entries) over and over again. The attack causes the CPU to spike at 100%. nghttp2 v1.41.0 fixes this vulnerability. There is a workaround to this vulnerability. Implement nghttp2_on_frame_recv_callback callback, and if received frame is SETTINGS frame and the number of settings entries are large (e.g., > 32), then drop the connection.
  • CVE-2020-8174: napi_get_value_string_*() allows various kinds of memory corruption in node < 10.21.0, 12.18.0, and < 14.4.0.
  • CVE-2020-8265: Node.js versions before 10.23.1, 12.20.1, 14.15.4, 15.5.1 are vulnerable to a use-after-free bug in its TLS implementation. When writing to a TLS enabled socket, node::StreamBase::Write calls node::TLSWrap::DoWrite with a freshly allocated WriteWrap object as first argument. If the DoWrite method does not return an error, this object is passed back to the caller as part of a StreamWriteResult structure. This may be exploited to corrupt memory leading to a Denial of Service or potentially other exploits.
  • CVE-2020-8287: Node.js versions before 10.23.1, 12.20.1, 14.15.4, 15.5.1 allow two copies of a header field in an HTTP request (for example, two Transfer-Encoding header fields). In this case, Node.js identifies the first header field and ignores the second. This can lead to HTTP Request Smuggling.
Please fix them.
Created: 2020-02-08 Last update: 2021-01-17 06:30
Build log checks report 2 warnings low
Build log checks report 2 warnings
Created: 2020-06-03 Last update: 2021-01-12 00:05
Standards version of the package is outdated. wishlist
The package should be updated to follow the last version of Debian Policy (Standards-Version 4.5.1 instead of 4.5.0).
Created: 2020-11-17 Last update: 2021-01-11 17:40
testing migrations
  • This package will soon be part of the auto-nodejs transition. You might want to ensure that your package is ready for it. You can probably find supplementary information in the debian-release archives or in the corresponding release.debian.org bug.
  • This package will soon be part of the auto-openssl transition. You might want to ensure that your package is ready for it. You can probably find supplementary information in the debian-release archives or in the corresponding release.debian.org bug.
  • This package will soon be part of the auto-icu transition. You might want to ensure that your package is ready for it. You can probably find supplementary information in the debian-release archives or in the corresponding release.debian.org bug.
news
[rss feed]
  • [2021-01-17] nodejs 12.20.1~dfsg-3 MIGRATED to testing (Debian testing watch)
  • [2021-01-11] Accepted nodejs 12.20.1~dfsg-3 (source) into unstable (Xavier Guimard)
  • [2021-01-10] Accepted nodejs 12.20.1~dfsg-2 (source) into unstable (Xavier Guimard)
  • [2021-01-10] Accepted nodejs 12.20.1~dfsg-1 (source ppc64el all) into unstable (Jérémy Lal)
  • [2021-01-06] Accepted nodejs 10.23.1~dfsg-1~deb10u1 (source amd64 all) into stable->embargoed, stable (Debian FTP Masters) (signed by: Jérémy Lal)
  • [2020-10-14] nodejs 12.19.0~dfsg-1 MIGRATED to testing (Debian testing watch)
  • [2020-10-07] Accepted nodejs 12.19.0~dfsg-1 (source) into unstable (Jérémy Lal)
  • [2020-10-06] Accepted nodejs 14.13.0~dfsg-1 (source) into experimental (Jérémy Lal)
  • [2020-09-23] Accepted nodejs 14.12.0~dfsg-1 (source) into experimental (Jérémy Lal)
  • [2020-09-19] nodejs 12.18.4~dfsg-1 MIGRATED to testing (Debian testing watch)
  • [2020-09-17] Accepted nodejs 14.11.0~dfsg-2 (source) into experimental (Jérémy Lal)
  • [2020-09-17] Accepted nodejs 14.11.0~dfsg-1 (source) into experimental (Jérémy Lal)
  • [2020-09-16] Accepted nodejs 12.18.4~dfsg-1 (source) into unstable (Jérémy Lal)
  • [2020-08-29] Accepted nodejs 14.9.0~dfsg-1 (source) into experimental (Jérémy Lal)
  • [2020-08-12] nodejs 12.18.3~dfsg-4 MIGRATED to testing (Debian testing watch)
  • [2020-08-11] Accepted nodejs 14.8.0~dfsg-1 (source) into experimental (Jérémy Lal)
  • [2020-08-09] Accepted nodejs 14.7.0~dfsg-1 (source) into experimental (Jérémy Lal)
  • [2020-08-08] Accepted nodejs 12.18.3~dfsg-4 (source) into unstable (Jérémy Lal)
  • [2020-08-07] Accepted nodejs 12.18.3~dfsg-3 (source) into unstable (Jérémy Lal)
  • [2020-08-05] Accepted nodejs 12.18.3~dfsg-2 (source) into unstable (Jérémy Lal)
  • [2020-08-04] Accepted nodejs 12.18.3~dfsg-1 (source) into unstable (Jérémy Lal)
  • [2020-08-02] nodejs 12.18.2~dfsg-1 MIGRATED to testing (Debian testing watch)
  • [2020-07-22] Accepted nodejs 12.18.2~dfsg-1 (source) into unstable (Jérémy Lal)
  • [2020-06-30] Accepted nodejs 12.18.1~dfsg-1 (source) into unstable (Jérémy Lal)
  • [2020-06-19] Accepted nodejs 14.4.0~dfsg-2 (source ppc64el all) into experimental, experimental (Debian FTP Masters) (signed by: Jérémy Lal)
  • [2020-06-19] Accepted nodejs 14.4.0~dfsg-1 (source ppc64el all) into experimental, experimental (Debian FTP Masters) (signed by: Jérémy Lal)
  • [2020-06-12] Accepted nodejs 10.21.0~dfsg-1~deb10u1 (source) into proposed-updates->stable-new, proposed-updates (Debian FTP Masters) (signed by: Jérémy Lal)
  • [2020-06-11] Accepted nodejs 12.18.0~dfsg-3 (source) into unstable (Jérémy Lal)
  • [2020-06-11] Accepted nodejs 12.18.0~dfsg-2 (source) into unstable (Jérémy Lal)
  • [2020-06-08] nodejs 10.21.0~dfsg-1 MIGRATED to testing (Debian testing watch)
  • 1
  • 2
bugs [bug history graph]
  • all: 14 15
  • RC: 1
  • I&N: 12 13
  • M&W: 1
  • F&P: 0
  • patch: 2
links
  • homepage
  • lintian (2, 5)
  • buildd: logs, exp, checks, clang, reproducibility, cross
  • popcon
  • browse source code
  • edit tags
  • other distros
  • security tracker
  • screenshots
  • debci
ubuntu Ubuntu logo [Information about Ubuntu for Debian Developers]
  • version: 12.19.0~dfsg-1ubuntu1
  • 29 bugs
  • patches for 12.19.0~dfsg-1ubuntu1

Debian Package Tracker — Copyright 2013-2018 The Distro Tracker Developers
Report problems to the tracker.debian.org pseudo-package in the Debian BTS.
Documentation — Bugs — Git Repository — Contributing