Publishing details

Published on 2024-04-24

Changelog

cryptojs (3.1.2+dfsg-2ubuntu0.20.04.1) focal-security; urgency=medium

  * SECURITY UPDATE: weak hash algorithm (SHA1) and iterations (1) in PBKDF2.
    - debian/build: include SHA256 as dependency instead of SHA1.
    - debian/patches/CVE-2023-46233.patch: modify default PBKDF2 configurations
      to use SHA256 and 250k iterations.
    - CVE-2023-46233.

 -- Federico Quattrin <email address hidden>  Wed, 24 Apr 2024 11:46:50 -0300

Available diffs

diff from 3.1.2+dfsg-2 (in Debian) to 3.1.2+dfsg-2ubuntu0.20.04.1 (1.5 KiB)

Builds

amd64

Built packages

libjs-cryptojs collection of cryptographic algorithms implemented in JavaScript

Package files

cryptojs_3.1.2+dfsg-2ubuntu0.20.04.1.debian.tar.xz (4.4 KiB)
cryptojs_3.1.2+dfsg-2ubuntu0.20.04.1.dsc (2.0 KiB)
cryptojs_3.1.2+dfsg.orig.tar.xz (29.5 KiB)
libjs-cryptojs_3.1.2+dfsg-2ubuntu0.20.04.1_all.deb (50.6 KiB)