Debian Package Tracker
Register | Log in
Subscribe

vips

Choose email to subscribe with

general
  • source: vips (main)
  • version: 8.16.1-2
  • maintainer: Laszlo Boszormenyi (GCS) (DMD)
  • arch: all any
  • std-ver: 4.7.2
  • VCS: unknown
versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]
[pool directory]
  • o-o-stable: 8.10.5-2
  • o-o-sec: 8.10.5-2+deb11u1
  • oldstable: 8.14.1-3+deb12u2
  • old-sec: 8.14.1-3+deb12u2
  • stable: 8.16.1-1
  • testing: 8.16.1-1
  • unstable: 8.16.1-2
versioned links
  • 8.10.5-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 8.10.5-2+deb11u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 8.14.1-3+deb12u2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 8.16.1-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 8.16.1-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
binaries
  • gir1.2-vips-8.0 (1 bugs: 0, 1, 0, 0)
  • libvips-dev
  • libvips-doc
  • libvips-tools (1 bugs: 0, 1, 0, 0)
  • libvips42t64 (1 bugs: 0, 1, 0, 0)
action needed
A new upstream version is available: 8.18.0-alpha2 high
A new upstream version 8.18.0-alpha2 is available, you should consider packaging it.
Created: 2025-03-14 Last update: 2025-10-04 19:32
1 security issue in trixie high

There is 1 open security issue in trixie.

1 important issue:
  • CVE-2025-59933: libvips is a demand-driven, horizontally threaded image processing library. For versions 8.17.1 and below, when libvips is compiled with support for PDF input via poppler, the pdfload operation is affected by a buffer read overflow when parsing the header of a crafted PDF with a page that defines a width but not a height. Those using libvips compiled without support for PDF input are unaffected as well as thosewith support for PDF input via PDFium. This issue is fixed in version 8.17.2. A workaround for those affected is to block the VipsForeignLoadPdf operation via vips_operation_block_set, which is available in most language bindings, or to set VIPS_BLOCK_UNTRUSTED environment variable at runtime, which will block all untrusted loaders including PDF input via poppler.
Created: 2025-09-30 Last update: 2025-10-03 12:30
1 security issue in sid high

There is 1 open security issue in sid.

1 important issue:
  • CVE-2025-59933: libvips is a demand-driven, horizontally threaded image processing library. For versions 8.17.1 and below, when libvips is compiled with support for PDF input via poppler, the pdfload operation is affected by a buffer read overflow when parsing the header of a crafted PDF with a page that defines a width but not a height. Those using libvips compiled without support for PDF input are unaffected as well as thosewith support for PDF input via PDFium. This issue is fixed in version 8.17.2. A workaround for those affected is to block the VipsForeignLoadPdf operation via vips_operation_block_set, which is available in most language bindings, or to set VIPS_BLOCK_UNTRUSTED environment variable at runtime, which will block all untrusted loaders including PDF input via poppler.
Created: 2025-09-30 Last update: 2025-10-03 12:30
1 security issue in forky high

There is 1 open security issue in forky.

1 important issue:
  • CVE-2025-59933: libvips is a demand-driven, horizontally threaded image processing library. For versions 8.17.1 and below, when libvips is compiled with support for PDF input via poppler, the pdfload operation is affected by a buffer read overflow when parsing the header of a crafted PDF with a page that defines a width but not a height. Those using libvips compiled without support for PDF input are unaffected as well as thosewith support for PDF input via PDFium. This issue is fixed in version 8.17.2. A workaround for those affected is to block the VipsForeignLoadPdf operation via vips_operation_block_set, which is available in most language bindings, or to set VIPS_BLOCK_UNTRUSTED environment variable at runtime, which will block all untrusted loaders including PDF input via poppler.
Created: 2025-09-30 Last update: 2025-10-03 12:30
1 security issue in bookworm high

There is 1 open security issue in bookworm.

1 important issue:
  • CVE-2025-59933: libvips is a demand-driven, horizontally threaded image processing library. For versions 8.17.1 and below, when libvips is compiled with support for PDF input via poppler, the pdfload operation is affected by a buffer read overflow when parsing the header of a crafted PDF with a page that defines a width but not a height. Those using libvips compiled without support for PDF input are unaffected as well as thosewith support for PDF input via PDFium. This issue is fixed in version 8.17.2. A workaround for those affected is to block the VipsForeignLoadPdf operation via vips_operation_block_set, which is available in most language bindings, or to set VIPS_BLOCK_UNTRUSTED environment variable at runtime, which will block all untrusted loaders including PDF input via poppler.
Created: 2025-09-30 Last update: 2025-10-03 12:30
lintian reports 1 warning normal
Lintian reports 1 warning about this package. You should make the package lintian clean getting rid of them.
Created: 2025-10-03 Last update: 2025-10-03 16:25
debian/patches: 1 patch to forward upstream low

Among the 1 debian patch available in version 8.16.1-2 of the package, we noticed the following issues:

  • 1 patch where the metadata indicates that the patch has not yet been forwarded upstream. You should either forward the patch upstream or update the metadata to document its real status.
Created: 2025-10-03 Last update: 2025-10-03 17:02
Issues found with some translations low

Automatic checks made by the Debian l10n team found some issues with the translations contained in this package. You should check the l10n status report for more information.

Issues can be things such as missing translations, problematic translated strings, outdated PO files, unknown languages, etc.

Created: 2021-10-03 Last update: 2021-10-03 02:09
testing migrations
  • excuses:
    • Migration status for vips (8.16.1-1 to 8.16.1-2): BLOCKED: Maybe temporary, maybe blocked but Britney is missing information (check below)
    • Issues preventing migration:
    • ∙ ∙ missing build on ppc64el
    • ∙ ∙ arch:ppc64el not built yet, autopkgtest delayed there
    • ∙ ∙ Waiting for lintian test results on ppc64el - info
    • ∙ ∙ Too young, only 2 of 5 days old
    • Additional info:
    • ∙ ∙ Piuparts tested OK - https://piuparts.debian.org/sid/source/v/vips.html
    • ∙ ∙ Reproducible on amd64 - info ♻
    • ∙ ∙ Waiting for reproducibility test results on arm64 - info ♻
    • Not considered
news
[rss feed]
  • [2025-10-03] Accepted vips 8.16.1-2 (source) into unstable (Laszlo Boszormenyi (GCS)) (signed by: Laszlo Boszormenyi)
  • [2025-05-03] Accepted vips 8.14.1-3+deb12u2 (source) into proposed-updates (Debian FTP Masters) (signed by: Guilhem Moulin)
  • [2025-05-03] Accepted vips 8.14.1-3+deb12u2 (source) into stable-security (Debian FTP Masters) (signed by: Guilhem Moulin)
  • [2025-04-30] Accepted vips 8.10.5-2+deb11u1 (source) into oldstable-security (Guilhem Moulin)
  • [2025-03-21] vips 8.16.1-1 MIGRATED to testing (Debian testing watch)
  • [2025-03-15] Accepted vips 8.16.1-1 (source) into unstable (Laszlo Boszormenyi (GCS)) (signed by: Laszlo Boszormenyi)
  • [2024-12-02] vips 8.16.0-2 MIGRATED to testing (Debian testing watch)
  • [2024-11-30] Accepted vips 8.16.0-2 (source) into unstable (Laszlo Boszormenyi (GCS)) (signed by: Laszlo Boszormenyi)
  • [2024-10-31] Accepted vips 8.16.0-1 (source) into unstable (Laszlo Boszormenyi (GCS)) (signed by: Laszlo Boszormenyi)
  • [2024-08-23] vips 8.15.3-1 MIGRATED to testing (Debian testing watch)
  • [2024-08-17] Accepted vips 8.15.3-1 (source) into unstable (Laszlo Boszormenyi (GCS)) (signed by: Laszlo Boszormenyi)
  • [2024-08-04] vips 8.15.2-2 MIGRATED to testing (Debian testing watch)
  • [2024-07-30] Accepted vips 8.15.2-2 (source) into unstable (Laszlo Boszormenyi (GCS)) (signed by: Laszlo Boszormenyi)
  • [2024-05-03] vips 8.15.2-1 MIGRATED to testing (Debian testing watch)
  • [2024-03-20] Accepted vips 8.15.2-1 (source) into unstable (Laszlo Boszormenyi (GCS)) (signed by: Laszlo Boszormenyi)
  • [2024-02-29] Accepted vips 8.15.1-1.1 (source) into unstable (Steve Langasek)
  • [2024-02-04] Accepted vips 8.15.1-1.1~exp1 (source) into experimental (Steve Langasek)
  • [2024-01-08] vips 8.15.1-1 MIGRATED to testing (Debian testing watch)
  • [2024-01-03] Accepted vips 8.15.1-1 (source) into unstable (Laszlo Boszormenyi (GCS)) (signed by: Laszlo Boszormenyi)
  • [2023-12-02] Accepted vips 8.14.1-3+deb12u1 (source) into proposed-updates (Debian FTP Masters) (signed by: Laszlo Boszormenyi)
  • [2023-11-24] vips 8.15.0-2 MIGRATED to testing (Debian testing watch)
  • [2023-11-18] Accepted vips 8.15.0-2 (source) into unstable (Laszlo Boszormenyi (GCS)) (signed by: Laszlo Boszormenyi)
  • [2023-11-12] Accepted vips 8.15.0-1 (source) into unstable (Laszlo Boszormenyi (GCS)) (signed by: Laszlo Boszormenyi)
  • [2023-11-09] Accepted vips 8.15.0~rc2-2 (source) into unstable (Laszlo Boszormenyi (GCS)) (signed by: Laszlo Boszormenyi)
  • [2023-11-07] Accepted vips 8.15.0~rc2-1 (source) into unstable (Laszlo Boszormenyi (GCS)) (signed by: Laszlo Boszormenyi)
  • [2023-10-04] vips 8.14.5-1 MIGRATED to testing (Debian testing watch)
  • [2023-09-28] Accepted vips 8.14.5-1 (source) into unstable (Laszlo Boszormenyi (GCS)) (signed by: Laszlo Boszormenyi)
  • [2023-08-25] vips 8.14.4-1 MIGRATED to testing (Debian testing watch)
  • [2023-08-19] Accepted vips 8.14.4-1 (source) into unstable (Laszlo Boszormenyi (GCS)) (signed by: Laszlo Boszormenyi)
  • [2023-08-03] vips 8.14.3-1 MIGRATED to testing (Debian testing watch)
  • 1
  • 2
bugs [bug history graph]
  • all: 8
  • RC: 0
  • I&N: 6
  • M&W: 2
  • F&P: 0
  • patch: 0
links
  • homepage
  • lintian (0, 1)
  • buildd: logs, reproducibility, cross
  • popcon
  • browse source code
  • edit tags
  • other distros
  • security tracker
  • l10n (-, 35)
  • debian patches
ubuntu Ubuntu logo [Information about Ubuntu for Debian Developers]
  • version: 8.16.1-1

Debian Package Tracker — Copyright 2013-2025 The Distro Tracker Developers
Report problems to the tracker.debian.org pseudo-package in the Debian BTS.
Documentation — Bugs — Git Repository — Contributing