libxpm - Debian Package Tracker

general

source: libxpm (main)
version: 1:3.5.19-1
maintainer: Debian X Strike Force (archive) (DMD)
arch: any
std-ver: 3.9.8
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 1:3.5.12-1.1+deb11u1
o-o-sec: 1:3.5.12-1.1+deb11u1
oldstable: 1:3.5.12-1.1+deb12u1
old-sec: 1:3.5.12-1.1+deb12u1
stable: 1:3.5.17-1
stable-p-u: 1:3.5.17-1+deb13u1
testing: 1:3.5.19-1
unstable: 1:3.5.19-1

versioned links

1:3.5.12-1.1+deb11u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1:3.5.12-1.1+deb12u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1:3.5.17-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1:3.5.17-1+deb13u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1:3.5.19-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

libxpm-dev (1 bugs: 0, 0, 1, 0)
libxpm4
xpmutils

action needed

lintian reports 1 error and 5 warnings high

Lintian reports 1 error and 5 warnings about this package. You should make the package lintian clean getting rid of them.

Created: 2026-04-24 Last update: 2026-04-24 23:30

Standards version of the package is outdated. high

The package is severely out of date with respect to the Debian Policy. The package should be updated to follow the last version of Debian Policy (Standards-Version 4.7.4 instead of 3.9.8).

Created: 2018-04-16 Last update: 2026-04-24 16:47

2 bugs tagged patch in the BTS normal

The BTS contains patches fixing 2 bugs, consider including or untagging them.

Created: 2026-06-02 Last update: 2026-06-23 21:30

1 low-priority security issue in bookworm low

There is 1 open security issue in bookworm.

1 issue left for the package maintainer to handle:

CVE-2026-4367: (needs triaging) A flaw was found in libXpm. A local user with low privileges could exploit an Out-of-Bounds Read vulnerability in the `xpmNextWord()` function by processing a specially crafted or very small XPM (X PixMap) image file. This improper validation of file boundaries can cause an internal pointer to read beyond the file's end, leading to application crashes and Denial of Service conditions.

You can find information about how to handle this issue in the security team's documentation.

Created: 2026-04-22 Last update: 2026-06-17 06:02

news

[rss feed]

[2026-06-13] Accepted libxpm 1:3.5.17-1+deb13u1 (source) into proposed-updates (Debian FTP Masters) (signed by: Moritz Mühlenhoff)
[2026-04-29] libxpm 1:3.5.19-1 MIGRATED to testing (Debian testing watch)
[2026-04-24] Accepted libxpm 1:3.5.19-1 (source) into unstable (Emilio Pozuelo Monfort)
[2023-10-08] libxpm 1:3.5.17-1 MIGRATED to testing (Debian testing watch)
[2023-10-07] Accepted libxpm 1:3.5.12-1.1+deb11u1 (source) into oldstable-proposed-updates (Debian FTP Masters) (signed by: Julien Cristau)
[2023-10-07] Accepted libxpm 1:3.5.12-1.1+deb12u1 (source) into proposed-updates (Debian FTP Masters) (signed by: Julien Cristau)
[2023-10-05] Accepted libxpm 1:3.5.12-1.1+deb11u1 (source) into oldstable-security (Debian FTP Masters) (signed by: Julien Cristau)
[2023-10-05] Accepted libxpm 1:3.5.12-1.1+deb12u1 (source) into stable-security (Debian FTP Masters) (signed by: Julien Cristau)
[2023-10-05] Accepted libxpm 1:3.5.17-1 (source) into unstable (Julien Cristau)
[2023-10-05] Accepted libxpm 1:3.5.12-1+deb10u2 (source) into oldoldstable (Emilio Pozuelo Monfort)
[2023-06-19] Accepted libxpm 1:3.5.12-1+deb10u1 (source) into oldoldstable (Bastien Roucaries) (signed by: Bastien ROUCARIÈS)
[2023-02-12] Accepted libxpm 1:3.5.12-1.1~deb11u1 (source) into proposed-updates (Debian FTP Masters) (signed by: Salvatore Bonaccorso)
[2023-01-23] libxpm 1:3.5.12-1.1 MIGRATED to testing (Debian testing watch)
[2023-01-17] Accepted libxpm 1:3.5.12-1.1 (source) into unstable (Salvatore Bonaccorso)
[2017-01-28] Accepted libxpm 1:3.5.12-0+deb8u1 (source) into proposed-updates->stable-new, proposed-updates (Salvatore Bonaccorso)
[2017-01-25] Accepted libxpm 1:3.5.10-1+deb7u1 (source amd64) into oldstable (Emilio Pozuelo Monfort)
[2017-01-02] libxpm 1:3.5.12-1 MIGRATED to testing (Debian testing watch)
[2016-12-22] Accepted libxpm 1:3.5.12-1 (source) into unstable (Emilio Pozuelo Monfort)
[2014-07-19] libxpm 1:3.5.11-1 MIGRATED to testing (Britney)
[2014-07-13] Accepted libxpm 1:3.5.11-1 (source amd64) (Julien Cristau)
[2012-05-02] libxpm 1:3.5.10-1 MIGRATED to testing (Debian testing watch)
[2012-04-21] Accepted libxpm 1:3.5.10-1 (source amd64) (Julien Cristau)
[2011-11-11] libxpm 1:3.5.9-4 MIGRATED to testing (Debian testing watch)
[2011-10-31] Accepted libxpm 1:3.5.9-4 (source amd64) (Julien Cristau)
[2011-10-22] Accepted libxpm 1:3.5.9-3 (source amd64) (Steve Langasek)
[2011-10-21] Accepted libxpm 1:3.5.9-2 (source amd64) (Steve Langasek)
[2011-02-06] libxpm 1:3.5.9-1 MIGRATED to testing (Debian testing watch)
[2010-11-19] Accepted libxpm 1:3.5.9-1 (source amd64) (Cyril Brulebois)
[2009-12-07] libxpm 1:3.5.8-1 MIGRATED to testing (Debian testing watch)
[2009-11-25] Accepted libxpm 1:3.5.8-1 (source i386) (Julien Cristau)

bugs [bug history graph]

all: 3
RC: 0
I&N: 1
M&W: 1
F&P: 1
patch: 2

links

homepage
lintian (1, 5)
buildd: logs, reproducibility, cross
popcon
browse source code
other distros
security tracker

ubuntu

[Information about Ubuntu for Debian Developers]

version: 1:3.5.19-1