vnu - Debian Package Tracker

general

source: vnu (main)
version: 23.4.11+dfsg-3
maintainer: Fab Stz (DMD) (DM)
arch: all any
std-ver: 4.7.4
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

unstable: 23.4.11+dfsg-3

versioned links

23.4.11+dfsg-3: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

libvnu-java
libvnu-java-common
vnu
vnu-client
vnu-common
vnu-jetty12
vnu-jetty9
vnu-server
vnu-tomcat11

action needed

A new upstream version is available: 26.5.22 high

A new upstream version 26.5.22 is available, you should consider packaging it.

Created: 2026-05-02 Last update: 2026-05-23 21:00

1 security issue in sid high

There is 1 open security issue in sid.

1 important issue:

CVE-2025-15104: Nu Html Checker (validator.nu) contains a restriction bypass that allows remote attackers to make the server perform arbitrary HTTP/HTTPS requests to internal resources, including localhost services. While the validator implements hostname-based protections to block direct access to localhost and 127.0.0.1, these controls can be bypassed using DNS rebinding techniques or domains that resolve to loopback addresses.This issue affects The Nu Html Checker (vnu): latest (commit 23f090a11bab8d0d4e698f1ffc197a4fe226a9cd).

Created: 2026-05-02 Last update: 2026-05-14 16:30

The package has not entered testing even though the delay is over normal

The package has not entered testing even though the 5-day delay is over. Check why.

Created: 2026-05-19 Last update: 2026-05-23 22:00

Multiarch hinter reports 1 issue(s) normal

There are issues with the multiarch metadata for this package.

libvnu-java-common could be marked Multi-Arch: foreign

Created: 2026-05-02 Last update: 2026-05-23 20:32

version in VCS is newer than in repository, is it time to upload? normal

vcswatch reports that this package seems to have a new changelog entry (version 23.4.11+dfsg-4, distribution UNRELEASED) and new commits in its VCS. You should consider whether it's time to make an upload.

Here are the relevant commit messages:

commit 1e80b6bde3b5669e470ae327b134e2026e217e66
Author: Fab Stz <fabstz-it@yahoo.fr>
Date:   Wed May 20 09:18:05 2026 +0200

    Make build reproducible (in manpage generation)
    
    Closes: #1137016
    Thanks: Chris Lamb

Created: 2026-05-20 Last update: 2026-05-20 08:33

lintian reports 1 warning normal

Lintian reports 1 warning about this package. You should make the package lintian clean getting rid of them.

Created: 2026-05-02 Last update: 2026-05-07 21:31

debian/patches: 5 patches to forward upstream low

Among the 16 debian patches available in version 23.4.11+dfsg-3 of the package, we noticed the following issues:

5 patches where the metadata indicates that the patch has not yet been forwarded upstream. You should either forward the patch upstream or update the metadata to document its real status.

Created: 2026-05-02 Last update: 2026-05-14 22:01

testing migrations

excuses:
- Migration status for vnu (- to 23.4.11+dfsg-3): BLOCKED: Rejected/violates migration policy/introduces a regression
- Issues preventing migration:
- ∙ ∙ Autopkgtest for vnu/23.4.11+dfsg-3: amd64: Failed ♻, arm64: Failed ♻, i386: Failed ♻, ppc64el: Failed ♻, riscv64: Failed ♻, s390x: Failed ♻
- Additional info (not blocking):
- ∙ ∙ Piuparts tested OK - https://piuparts.debian.org/sid/source/v/vnu.html
- ∙ ∙ Reproduced on amd64 - info
- ∙ ∙ Reproduced on arm64 - info
- ∙ ∙ Reproduced on armhf - info
- ∙ ∙ Reproduced on i386 - info
- ∙ ∙ 10 days old (needed 5 days)
- Not considered

news

[rss feed]

[2026-05-14] Accepted vnu 23.4.11+dfsg-3 (source) into unstable (Fab Stz)
[2026-05-07] Accepted vnu 23.4.11+dfsg-2 (source) into unstable (Fab Stz)
[2026-05-01] Accepted vnu 23.4.11+dfsg-1 (source all) into unstable (Debian FTP Masters) (signed by: Emmanuel Bourg)

bugs [bug history graph]

all: 2
RC: 0
I&N: 1
M&W: 0
F&P: 1
patch: 0

links

homepage
lintian (0, 1)
buildd: logs, cross
popcon
browse source code
other distros
security tracker
debian patches
debci