Debian Package Tracker

general

source: nodejs (main)
version: 12.20.1~dfsg-3
maintainer: Debian Javascript Maintainers (archive) (DMD)
uploaders: Jérémy Lal [DMD] – Jonas Smedegaard [DMD]
arch: all amd64 arm64 armhf i386 kfreebsd-amd64 kfreebsd-i386 mips mips64el mipsel ppc64 ppc64el s390x
std-ver: 4.5.0
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 0.10.29~dfsg-2
oldstable: 4.8.2~dfsg-1
old-bpo: 8.11.1~dfsg-2~bpo9+1
stable: 10.21.0~dfsg-1~deb10u1
stable-sec: 10.23.1~dfsg-1~deb10u1
testing: 12.20.1~dfsg-3
unstable: 12.20.1~dfsg-3
exp: 14.13.0~dfsg-1

versioned links

0.10.29~dfsg-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
4.8.2~dfsg-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
8.11.1~dfsg-2~bpo9+1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
10.21.0~dfsg-1~deb10u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
10.23.1~dfsg-1~deb10u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
12.20.1~dfsg-3: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
14.13.0~dfsg-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

libnode-dev
libnode72
nodejs (10 bugs: 0, 9, 1, 0)
nodejs-doc

action needed

Debci reports failed tests high

unstable: pass (log)
The tests ran in 0:46:21
Last run: 2020-06-09 06:19:00 UTC
Previous status: pass

testing: pass (log)
The tests ran in 0:06:31
Last run: 2021-01-14 22:26:48 UTC
Previous status: pass

stable: fail (log)
The tests ran in 0:32:38
Last run: 2020-04-26 15:09:54 UTC
Previous status: fail

Created: 2019-09-13 Last update: 2021-01-18 16:07

lintian reports 2 errors and 5 warnings high

Lintian reports 2 errors and 5 warnings about this package. You should make the package lintian clean getting rid of them.

Created: 2020-09-21 Last update: 2020-10-22 04:33

2 bugs tagged patch in the BTS normal

The BTS contains patches fixing 2 bugs, consider including or untagging them.

Created: 2020-10-19 Last update: 2021-01-18 16:02

3 new commits since last upload, is it time to release? normal

vcswatch reports that this package seems to have new commits in its VCS but has not yet updated debian/changelog. You should consider updating the Debian changelog and uploading this new version into the archive.

Here are the relevant commit logs:

commit a61aab52887054e1cbf3b89e0d518e4b6dd76100
Author: Jérémy Lal <kapouer@melix.org>
Date:   Sun Oct 18 14:41:27 2020 +0200

    New upstream version 14.14.0~dfsg

commit 9f20184e62ccdf9076ea0e454a601afab8bd6fa1
Merge: 5911278dc c2dc1b2da
Author: Jérémy Lal <kapouer@debian.org>
Date:   Tue Dec 1 10:54:37 2020 +0000

    Merge branch 'embed-types-14' into 'master'
    
    Embed @types/node 14
    
    See merge request js-team/nodejs!5

commit c2dc1b2daa881a3f66d9baeddbba38a16ff4ff62
Author: Xavier Guimard <yadd@debian.org>
Date:   Tue Dec 1 11:09:07 2020 +0100

    Embed @types/node 14

Created: 2020-12-08 Last update: 2021-01-14 17:37

7 ignored security issues in stretch low

There are 7 open security issues in stretch.

7 issues skipped by the security teams:

CVE-2019-15604: Improper Certificate Validation in Node.js 10, 12, and 13 causes the process to abort when sending a crafted X.509 certificate
CVE-2019-15605: HTTP request smuggling in Node.js 10, 12, and 13 causes malicious payload delivery when transfer-encoding is malformed
CVE-2019-15606: Including trailing white space in HTTP header values in Nodejs 10, 12, and 13 causes bypass of authorization based on header value comparisons
CVE-2020-11080: In nghttp2 before version 1.41.0, the overly large HTTP/2 SETTINGS frame payload causes denial of service. The proof of concept attack involves a malicious client constructing a SETTINGS frame with a length of 14,400 bytes (2400 individual settings entries) over and over again. The attack causes the CPU to spike at 100%. nghttp2 v1.41.0 fixes this vulnerability. There is a workaround to this vulnerability. Implement nghttp2_on_frame_recv_callback callback, and if received frame is SETTINGS frame and the number of settings entries are large (e.g., > 32), then drop the connection.
CVE-2020-8174: napi_get_value_string_*() allows various kinds of memory corruption in node < 10.21.0, 12.18.0, and < 14.4.0.
CVE-2020-8265: Node.js versions before 10.23.1, 12.20.1, 14.15.4, 15.5.1 are vulnerable to a use-after-free bug in its TLS implementation. When writing to a TLS enabled socket, node::StreamBase::Write calls node::TLSWrap::DoWrite with a freshly allocated WriteWrap object as first argument. If the DoWrite method does not return an error, this object is passed back to the caller as part of a StreamWriteResult structure. This may be exploited to corrupt memory leading to a Denial of Service or potentially other exploits.
CVE-2020-8287: Node.js versions before 10.23.1, 12.20.1, 14.15.4, 15.5.1 allow two copies of a header field in an HTTP request (for example, two Transfer-Encoding header fields). In this case, Node.js identifies the first header field and ignores the second. This can lead to HTTP Request Smuggling.

Please fix them.

Created: 2020-02-08 Last update: 2021-01-17 06:30

Build log checks report 2 warnings low

Build log checks report 2 warnings

Created: 2020-06-03 Last update: 2021-01-12 00:05

Standards version of the package is outdated. wishlist

The package should be updated to follow the last version of Debian Policy (Standards-Version 4.5.1 instead of 4.5.0).

Created: 2020-11-17 Last update: 2021-01-11 17:40

testing migrations

This package will soon be part of the auto-nodejs transition. You might want to ensure that your package is ready for it. You can probably find supplementary information in the debian-release archives or in the corresponding release.debian.org bug.
This package will soon be part of the auto-openssl transition. You might want to ensure that your package is ready for it. You can probably find supplementary information in the debian-release archives or in the corresponding release.debian.org bug.
This package will soon be part of the auto-icu transition. You might want to ensure that your package is ready for it. You can probably find supplementary information in the debian-release archives or in the corresponding release.debian.org bug.

news

[rss feed]

[2021-01-17] nodejs 12.20.1~dfsg-3 MIGRATED to testing (Debian testing watch)
[2021-01-11] Accepted nodejs 12.20.1~dfsg-3 (source) into unstable (Xavier Guimard)
[2021-01-10] Accepted nodejs 12.20.1~dfsg-2 (source) into unstable (Xavier Guimard)
[2021-01-10] Accepted nodejs 12.20.1~dfsg-1 (source ppc64el all) into unstable (Jérémy Lal)
[2021-01-06] Accepted nodejs 10.23.1~dfsg-1~deb10u1 (source amd64 all) into stable->embargoed, stable (Debian FTP Masters) (signed by: Jérémy Lal)
[2020-10-14] nodejs 12.19.0~dfsg-1 MIGRATED to testing (Debian testing watch)
[2020-10-07] Accepted nodejs 12.19.0~dfsg-1 (source) into unstable (Jérémy Lal)
[2020-10-06] Accepted nodejs 14.13.0~dfsg-1 (source) into experimental (Jérémy Lal)
[2020-09-23] Accepted nodejs 14.12.0~dfsg-1 (source) into experimental (Jérémy Lal)
[2020-09-19] nodejs 12.18.4~dfsg-1 MIGRATED to testing (Debian testing watch)
[2020-09-17] Accepted nodejs 14.11.0~dfsg-2 (source) into experimental (Jérémy Lal)
[2020-09-17] Accepted nodejs 14.11.0~dfsg-1 (source) into experimental (Jérémy Lal)
[2020-09-16] Accepted nodejs 12.18.4~dfsg-1 (source) into unstable (Jérémy Lal)
[2020-08-29] Accepted nodejs 14.9.0~dfsg-1 (source) into experimental (Jérémy Lal)
[2020-08-12] nodejs 12.18.3~dfsg-4 MIGRATED to testing (Debian testing watch)
[2020-08-11] Accepted nodejs 14.8.0~dfsg-1 (source) into experimental (Jérémy Lal)
[2020-08-09] Accepted nodejs 14.7.0~dfsg-1 (source) into experimental (Jérémy Lal)
[2020-08-08] Accepted nodejs 12.18.3~dfsg-4 (source) into unstable (Jérémy Lal)
[2020-08-07] Accepted nodejs 12.18.3~dfsg-3 (source) into unstable (Jérémy Lal)
[2020-08-05] Accepted nodejs 12.18.3~dfsg-2 (source) into unstable (Jérémy Lal)
[2020-08-04] Accepted nodejs 12.18.3~dfsg-1 (source) into unstable (Jérémy Lal)
[2020-08-02] nodejs 12.18.2~dfsg-1 MIGRATED to testing (Debian testing watch)
[2020-07-22] Accepted nodejs 12.18.2~dfsg-1 (source) into unstable (Jérémy Lal)
[2020-06-30] Accepted nodejs 12.18.1~dfsg-1 (source) into unstable (Jérémy Lal)
[2020-06-19] Accepted nodejs 14.4.0~dfsg-2 (source ppc64el all) into experimental, experimental (Debian FTP Masters) (signed by: Jérémy Lal)
[2020-06-19] Accepted nodejs 14.4.0~dfsg-1 (source ppc64el all) into experimental, experimental (Debian FTP Masters) (signed by: Jérémy Lal)
[2020-06-12] Accepted nodejs 10.21.0~dfsg-1~deb10u1 (source) into proposed-updates->stable-new, proposed-updates (Debian FTP Masters) (signed by: Jérémy Lal)
[2020-06-11] Accepted nodejs 12.18.0~dfsg-3 (source) into unstable (Jérémy Lal)
[2020-06-11] Accepted nodejs 12.18.0~dfsg-2 (source) into unstable (Jérémy Lal)
[2020-06-08] nodejs 10.21.0~dfsg-1 MIGRATED to testing (Debian testing watch)

bugs [bug history graph]

all: 14 15
RC: 1
I&N: 12 13
M&W: 1
F&P: 0
patch: 2

links

homepage
lintian (2, 5)
buildd: logs, exp, checks, clang, reproducibility, cross
popcon
browse source code
edit tags
other distros
security tracker
screenshots
debci

ubuntu

[Information about Ubuntu for Debian Developers]

version: 12.19.0~dfsg-1ubuntu1
29 bugs
patches for 12.19.0~dfsg-1ubuntu1