Debian Package Tracker

general

source: phantomjs (main)
version: 2.1.1+dfsg-2
maintainer: Dmitry Smirnov (DMD)
uploaders: TANIGUCHI Takaki [DMD]
arch: any
std-ver: 3.9.8
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

oldstable: 2.1.1+dfsg-2
stable: 2.1.1+dfsg-2
testing: 2.1.1+dfsg-2
unstable: 2.1.1+dfsg-2

versioned links

2.1.1+dfsg-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

phantomjs (5 bugs: 0, 3, 2, 0)

action needed

lintian reports 242 errors and 3 warnings high

Lintian reports 242 errors and 3 warnings about this package. You should make the package lintian clean getting rid of them.

Created: 2019-08-03 Last update: 2019-12-04 04:19

1 security issue in buster high

There is 1 open security issue in buster.

1 important issue:

CVE-2019-17221: PhantomJS through 2.1.1 has an arbitrary file read vulnerability, as demonstrated by an XMLHttpRequest for a file:// URI. The vulnerability exists in the page.open() function of the webpage module, which loads a specified URL and calls a given callback. An attacker can supply a specially crafted HTML file, as user input, that allows reading arbitrary files on the filesystem. For example, if page.render() is the function callback, this generates a PDF or an image of the targeted file. NOTE: this product is no longer developed.

Please fix it.

Created: 2019-11-05 Last update: 2019-11-07 06:30

1 security issue in bullseye high

There is 1 open security issue in bullseye.

1 important issue:

CVE-2019-17221: PhantomJS through 2.1.1 has an arbitrary file read vulnerability, as demonstrated by an XMLHttpRequest for a file:// URI. The vulnerability exists in the page.open() function of the webpage module, which loads a specified URL and calls a given callback. An attacker can supply a specially crafted HTML file, as user input, that allows reading arbitrary files on the filesystem. For example, if page.render() is the function callback, this generates a PDF or an image of the targeted file. NOTE: this product is no longer developed.

Please fix it.

Created: 2019-11-05 Last update: 2019-11-07 06:30

1 security issue in sid high

There is 1 open security issue in sid.

1 important issue:

CVE-2019-17221: PhantomJS through 2.1.1 has an arbitrary file read vulnerability, as demonstrated by an XMLHttpRequest for a file:// URI. The vulnerability exists in the page.open() function of the webpage module, which loads a specified URL and calls a given callback. An attacker can supply a specially crafted HTML file, as user input, that allows reading arbitrary files on the filesystem. For example, if page.render() is the function callback, this generates a PDF or an image of the targeted file. NOTE: this product is no longer developed.

Please fix it.

Created: 2019-11-05 Last update: 2019-11-07 06:30

1 security issue in stretch high

There is 1 open security issue in stretch.

1 important issue:

CVE-2019-17221: PhantomJS through 2.1.1 has an arbitrary file read vulnerability, as demonstrated by an XMLHttpRequest for a file:// URI. The vulnerability exists in the page.open() function of the webpage module, which loads a specified URL and calls a given callback. An attacker can supply a specially crafted HTML file, as user input, that allows reading arbitrary files on the filesystem. For example, if page.render() is the function callback, this generates a PDF or an image of the targeted file. NOTE: this product is no longer developed.

Please fix it.

Created: 2019-11-05 Last update: 2019-11-07 06:30

Standards version of the package is outdated. high

The package is severely out of date with respect to the Debian Policy. The package should be updated to follow the last version of Debian Policy (Standards-Version 4.4.1 instead of 3.9.8).

Created: 2018-04-16 Last update: 2019-09-29 23:40

version in VCS is newer than in repository, is it time to upload? normal

vcswatch reports that this package seems to have a new changelog entry (version 2.1.1+dfsg-3, distribution UNRELEASED) and new commits in its VCS. You should consider whether it's time to make an upload.

Here are the relevant commit messages:

commit 62d32023ac35b8796b91c262e07afc688a29f946
Author: Ondřej Nový <onovy@debian.org>
Date:   Mon Oct 1 09:47:47 2018 +0200

    d/control: Set Vcs-* to salsa.debian.org

commit d7836127b36b67f0c854370328b94d1230f1b6e1
Author: Ondřej Nový <onovy@debian.org>
Date:   Mon Oct 1 09:47:45 2018 +0200

    d/control: Deprecating priority extra as per policy 4.0.1

commit 7b528e81ae0e63fa2230cf064d367174956fd5a5
Author: Ondřej Nový <onovy@debian.org>
Date:   Mon Oct 1 09:47:43 2018 +0200

    d/copyright: Use https protocol in Format field

commit 4c3a13a50762c932593889b88b1a71bfcf859976
Author: TANIGUCHI Takaki <takaki@debian.org>
Date:   Mon May 14 23:53:11 2018 +0900

    remove myself from Uploaders

commit b3a52770a545dfb2899d7c35271109c486141931
Author: Dmitry Smirnov <onlyjob@member.fsf.org>
Date:   Wed Dec 27 16:40:04 2017 +1100

    Orphaning package...

commit 640f80a792b8bbf2510eb4225e892111ae4ce819
Author: Dmitry Smirnov <onlyjob@member.fsf.org>
Date:   Wed Dec 27 16:10:25 2017 +1100

    Changed wrapper and documented "offscreen" headless mode (Closes: #817277).
    
     Thanks, David Guglielmi.

commit 0b20f0ddc1f55061999ae8dbb0518fa024c55fed
Author: Dmitry Smirnov <onlyjob@member.fsf.org>
Date:   Sun Nov 5 10:51:46 2017 +1100

    Fix repository layout (Closes: #843601).
    
     #843601 is one of the reasons I dislike default git-buildpackage
     repository layout. From upstream we inherited ".gitignore" that disrupted
     packaging repository. Fixed by un-merging "master" to keep packaging and
     upstream sources apart.

commit bb028ded59c4d36172100600d7c173f5c6e6f0f6
Author: Ximin Luo <infinity0@debian.org>
Date:   Sat Aug 5 21:07:32 2017 +0200

    Update README.Debian about headless mode.

commit ce3a140e68591e5b74b7d2512df53a3ab0bec59a
Author: Dmitry Smirnov <onlyjob@member.fsf.org>
Date:   Thu Jun 16 19:34:54 2016 +1000

    correct typo in changelog

The Vcs URL is using anonscm.debian.org. Please update it for the move to salsa.debian.org.

Created: 2017-12-03 Last update: 2019-12-12 19:09

O: This package has been orphaned and needs a maintainer. normal

This package has been orphaned. This means that it does not have a real maintainer at the moment. Please consider adopting this package if you are interested in it. Please see bug number #885444 for more information.

Created: 2017-12-27 Last update: 2017-12-27 07:59

Build log checks report 1 warning low

Build log checks report 1 warning

Created: 2019-07-30 Last update: 2019-07-30 03:06

news

[rss feed]

[2017-03-16] Accepted phantomjs 2.1.1+dfsg-2~bpo8+1 (source amd64) into jessie-backports->backports-policy, jessie-backports (Andreas Tille)
[2016-06-21] phantomjs 2.1.1+dfsg-2 MIGRATED to testing (Debian testing watch)
[2016-06-16] Accepted phantomjs 2.1.1+dfsg-2 (source amd64) into unstable (Dmitry Smirnov)
[2016-02-23] phantomjs 2.1.1+dfsg-1 MIGRATED to testing (Debian testing watch)
[2016-02-18] Accepted phantomjs 2.1.1+dfsg-1 (source amd64) into unstable, unstable (Dmitry Smirnov)
[2015-12-27] Removed 2.0.0+dfsg-1 from unstable (Debian FTP Masters)
[2015-12-27] Removed 1.4.1+dfsg-1 from unstable (Debian FTP Masters)
[2015-12-27] Removed 2.0.0+dfsg-1 from unstable (Debian FTP Masters)
[2015-12-27] Removed 1.4.1+dfsg-1 from unstable (Debian FTP Masters)
[2015-11-25] Accepted phantomjs 2.0.0+dfsg-1 (source amd64) into unstable (TANIGUCHI Takaki)
[2013-05-15] Accepted phantomjs 1.9.0-1 (source amd64) (TANIGUCHI Takaki)
[2012-07-18] Accepted phantomjs 1.6.0-5 (source amd64) (TANIGUCHI Takaki)
[2012-07-13] phantomjs REMOVED from testing (Debian testing watch)
[2012-07-11] Accepted phantomjs 1.6.0-4 (source amd64) (TANIGUCHI Takaki)
[2012-07-05] Accepted phantomjs 1.6.0-3 (source amd64) (TANIGUCHI Takaki)
[2012-07-03] Accepted phantomjs 1.6.0-2 (source amd64) (TANIGUCHI Takaki)
[2012-06-30] Accepted phantomjs 1.6.0-1 (source amd64) (TANIGUCHI Takaki)
[2012-02-20] phantomjs 1.4.1+dfsg-1 MIGRATED to testing (Debian testing watch)
[2012-02-10] Accepted phantomjs 1.4.1+dfsg-1 (source all amd64) (TANIGUCHI Takaki)
[2012-01-07] phantomjs 1.4.0+dfsg-1 MIGRATED to testing (Debian testing watch)
[2011-12-27] Accepted phantomjs 1.4.0+dfsg-1 (source all amd64) (TANIGUCHI Takaki)
[2011-12-17] phantomjs 1.3.0+dfsg-4 MIGRATED to testing (Debian testing watch)
[2011-12-06] Accepted phantomjs 1.3.0+dfsg-4 (source all amd64) (TANIGUCHI Takaki)
[2011-11-25] phantomjs 1.3.0+dfsg-3 MIGRATED to testing (Debian testing watch)
[2011-11-15] Accepted phantomjs 1.3.0+dfsg-3 (source all amd64) (TANIGUCHI Takaki)
[2011-11-11] phantomjs 1.3.0+dfsg-2 MIGRATED to testing (Debian testing watch)
[2011-11-01] Accepted phantomjs 1.3.0+dfsg-2 (source all amd64) (TANIGUCHI Takaki)
[2011-10-31] Accepted phantomjs 1.3.0+dfsg-1 (source all amd64) (TANIGUCHI Takaki)

bugs [bug history graph]

all: 7
RC: 0
I&N: 5
M&W: 2
F&P: 0
patch: 0

links

homepage
buildd: logs, checks, clang, reproducibility, cross
popcon
browse source code
edit tags
security tracker
screenshots

ubuntu

[Information about Ubuntu for Debian Developers]

version: 2.1.1+dfsg-2
9 bugs