Accepted vips 8.18.0-3 (source) into unstable

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sun, 01 Mar 2026 07:46:08 +0100
Source: vips
Architecture: source
Version: 8.18.0-3
Distribution: unstable
Urgency: medium
Maintainer: Laszlo Boszormenyi (GCS) <gcs@debian.org>
Changed-By: Laszlo Boszormenyi (GCS) <gcs@debian.org>
Closes: 1129310 1129311 1129312 1129314 1129315
Changes:
 vips (8.18.0-3) unstable; urgency=medium
 .
   * Backport upstream security fix for CVE-2026-3283 and CVE-2026-3284:
     manipulation of the argument in vips_extract_band_build() leads to
     out-of-bounds read (closes: #1129310).
   * Backport upstream security fix for CVE-2026-3145 and CVE-2026-3146:
     vips_foreign_load_matrix_header() memory corruption (closes: #1129315).
   * Backport upstream security fix for CVE-2026-3282: manipulation of the
     argument in vips_unpremultiply_build() can lead to out-of-bounds read
     (closes: #1129311).
   * Backport upstream security fix for CVE-2026-3147: heap-based buffer
     overflow in vips_foreign_load_csv_build() (closes: #1129314).
   * Backport upstream security fix for CVE-2026-3281: manipulation of the
     argument in vips_bandrank_build() results in heap-based buffer overflow
     (closes: #1129312).
   * Mark gir1.2-vips-8.0 Multi-Arch: same.
Checksums-Sha1:
 50d571bc09c1fb083428569856d8529f32f6c901 2531 vips_8.18.0-3.dsc
 46c8e69ad226fdc3f096e54e6313b079806c4844 14256 vips_8.18.0-3.debian.tar.xz
Checksums-Sha256:
 672e2bc094ae5caaef20ed2ee9e5e0d71cfe50e8f444b5fdac5b124cd02f4960 2531 vips_8.18.0-3.dsc
 fa7755ea4035376723911aca251f5f720a532efd1267d6c2b60942a68978b7ae 14256 vips_8.18.0-3.debian.tar.xz
Files:
 29df674c26d6fbb0296f157e831e09c3 2531 libs optional vips_8.18.0-3.dsc
 e1e118c140b8dd5b41fe654e273a8f3b 14256 libs optional vips_8.18.0-3.debian.tar.xz

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEfYh9yLp7u6e4NeO63OMQ54ZMyL8FAmmj/doACgkQ3OMQ54ZM
yL8WHRAAmCHhfBwU02uMocXU3GC3/dGhoR5TqWQXce4hajv6M+vP41u6IqpZVrjD
enULAucheXv0A4ugxNxFXfRDfJ7e/VFLIZJlOUAL+2W6tiENvJwrTAlvKo2/AqwO
TNkrHAzKX7YwkZsUfN8pqcdeSe8Qm2YmiVpBmx4K3Tyumb0Y11i5PXs3pO/Sxi9/
qV00lX5kR7LrKOcFy2MyilMCA3min59rDUed6TVTa/J9CjECuG9gap5xEi7z6oOt
NWRCQx6KydDFIdJmfxoalcNi3NVbxTt3v/yjqgUJmVc8C2gYyueM0cTQGMemCqn9
5cPV0jZFqp8+a981rYUI2YmNwojwkprDxvRNSwaYWlOZLImRa1m1MOTOogdI7ivr
iNCubpZJS3Ca5MfLvhHaE6XPNdLIaofR2UWtiUNuS+oGBiVMjRJm8QVER4JSW8pA
74Pk6a1lqAvL42ZqDk9lBEwjGuev2kXgZ2mrVrUUuotGag3GyjSrbNi/VSZG7z9x
k4Y4XosRAmCvPGdeCD9AOKxMhBOd6YZhiZnYesi1FnXSdE43sq31E5wNUwsHK3l4
airNy7nK9Yfdta2BNTPQfRg2H1j4RQonidzUCQlILjMjouoqrec6yE/KlL+YdjY9
BMP7Po0sAOUC4/rdjbqvZutdgjRoxMy1BvkHXeQ9OvE5pvMcpSk=
=ZMpH
-----END PGP SIGNATURE-----