vips - Debian Package Tracker

general

source: vips (main)
version: 8.16.1-2
maintainer: Laszlo Boszormenyi (GCS) (DMD)
arch: all any
std-ver: 4.7.2
VCS: unknown

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 8.10.5-2
o-o-sec: 8.10.5-2+deb11u1
oldstable: 8.14.1-3+deb12u2
old-sec: 8.14.1-3+deb12u2
stable: 8.16.1-1
testing: 8.16.1-1
unstable: 8.16.1-2

versioned links

8.10.5-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
8.10.5-2+deb11u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
8.14.1-3+deb12u2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
8.16.1-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
8.16.1-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

gir1.2-vips-8.0 (1 bugs: 0, 1, 0, 0)
libvips-dev
libvips-doc
libvips-tools (1 bugs: 0, 1, 0, 0)
libvips42t64 (1 bugs: 0, 1, 0, 0)

action needed

A new upstream version is available: 8.18.0-alpha2 high

A new upstream version 8.18.0-alpha2 is available, you should consider packaging it.

Created: 2025-03-14 Last update: 2025-10-25 08:01

1 security issue in sid high

There is 1 open security issue in sid.

1 important issue:

CVE-2025-59933: libvips is a demand-driven, horizontally threaded image processing library. For versions 8.17.1 and below, when libvips is compiled with support for PDF input via poppler, the pdfload operation is affected by a buffer read overflow when parsing the header of a crafted PDF with a page that defines a width but not a height. Those using libvips compiled without support for PDF input are unaffected as well as thosewith support for PDF input via PDFium. This issue is fixed in version 8.17.2. A workaround for those affected is to block the VipsForeignLoadPdf operation via vips_operation_block_set, which is available in most language bindings, or to set VIPS_BLOCK_UNTRUSTED environment variable at runtime, which will block all untrusted loaders including PDF input via poppler.

Created: 2025-09-30 Last update: 2025-10-06 12:01

1 security issue in forky high

There is 1 open security issue in forky.

1 important issue:

CVE-2025-59933: libvips is a demand-driven, horizontally threaded image processing library. For versions 8.17.1 and below, when libvips is compiled with support for PDF input via poppler, the pdfload operation is affected by a buffer read overflow when parsing the header of a crafted PDF with a page that defines a width but not a height. Those using libvips compiled without support for PDF input are unaffected as well as thosewith support for PDF input via PDFium. This issue is fixed in version 8.17.2. A workaround for those affected is to block the VipsForeignLoadPdf operation via vips_operation_block_set, which is available in most language bindings, or to set VIPS_BLOCK_UNTRUSTED environment variable at runtime, which will block all untrusted loaders including PDF input via poppler.

Created: 2025-09-30 Last update: 2025-10-06 12:01

The package has not entered testing even though the delay is over normal

The package has not entered testing even though the 5-day delay is over. Check why.

Created: 2025-10-08 Last update: 2025-10-25 08:00

lintian reports 1 warning normal

Lintian reports 1 warning about this package. You should make the package lintian clean getting rid of them.

Created: 2025-10-03 Last update: 2025-10-03 16:25

1 low-priority security issue in trixie low

There is 1 open security issue in trixie.

1 issue left for the package maintainer to handle:

CVE-2025-59933: (needs triaging) libvips is a demand-driven, horizontally threaded image processing library. For versions 8.17.1 and below, when libvips is compiled with support for PDF input via poppler, the pdfload operation is affected by a buffer read overflow when parsing the header of a crafted PDF with a page that defines a width but not a height. Those using libvips compiled without support for PDF input are unaffected as well as thosewith support for PDF input via PDFium. This issue is fixed in version 8.17.2. A workaround for those affected is to block the VipsForeignLoadPdf operation via vips_operation_block_set, which is available in most language bindings, or to set VIPS_BLOCK_UNTRUSTED environment variable at runtime, which will block all untrusted loaders including PDF input via poppler.

You can find information about how to handle this issue in the security team's documentation.

Created: 2025-09-30 Last update: 2025-10-06 12:01

1 low-priority security issue in bookworm low

There is 1 open security issue in bookworm.

1 issue left for the package maintainer to handle:

CVE-2025-59933: (needs triaging) libvips is a demand-driven, horizontally threaded image processing library. For versions 8.17.1 and below, when libvips is compiled with support for PDF input via poppler, the pdfload operation is affected by a buffer read overflow when parsing the header of a crafted PDF with a page that defines a width but not a height. Those using libvips compiled without support for PDF input are unaffected as well as thosewith support for PDF input via PDFium. This issue is fixed in version 8.17.2. A workaround for those affected is to block the VipsForeignLoadPdf operation via vips_operation_block_set, which is available in most language bindings, or to set VIPS_BLOCK_UNTRUSTED environment variable at runtime, which will block all untrusted loaders including PDF input via poppler.

You can find information about how to handle this issue in the security team's documentation.

Created: 2025-09-30 Last update: 2025-10-06 12:01

debian/patches: 1 patch to forward upstream low

Among the 1 debian patch available in version 8.16.1-2 of the package, we noticed the following issues:

1 patch where the metadata indicates that the patch has not yet been forwarded upstream. You should either forward the patch upstream or update the metadata to document its real status.

Created: 2025-10-03 Last update: 2025-10-03 17:02

Issues found with some translations low

Automatic checks made by the Debian l10n team found some issues with the translations contained in this package. You should check the l10n status report for more information.

Issues can be things such as missing translations, problematic translated strings, outdated PO files, unknown languages, etc.

Created: 2021-10-03 Last update: 2021-10-03 02:09

testing migrations

excuses:
- Migration status for vips (8.16.1-1 to 8.16.1-2): BLOCKED: Maybe temporary, maybe blocked but Britney is missing information (check below)
- Issues preventing migration:
- ∙ ∙ missing build on ppc64el
- ∙ ∙ arch:ppc64el not built yet, autopkgtest delayed there
- ∙ ∙ Waiting for lintian test results on ppc64el - info
- Additional info:
- ∙ ∙ Piuparts tested OK - https://piuparts.debian.org/sid/source/v/vips.html
- ∙ ∙ Reproducible on amd64 - info ♻
- ∙ ∙ Reproducible on arm64 - info ♻
- ∙ ∙ 22 days old (needed 5 days)
- Not considered

news

[rss feed]

[2025-10-03] Accepted vips 8.16.1-2 (source) into unstable (Laszlo Boszormenyi (GCS)) (signed by: Laszlo Boszormenyi)
[2025-05-03] Accepted vips 8.14.1-3+deb12u2 (source) into proposed-updates (Debian FTP Masters) (signed by: Guilhem Moulin)
[2025-05-03] Accepted vips 8.14.1-3+deb12u2 (source) into stable-security (Debian FTP Masters) (signed by: Guilhem Moulin)
[2025-04-30] Accepted vips 8.10.5-2+deb11u1 (source) into oldstable-security (Guilhem Moulin)
[2025-03-21] vips 8.16.1-1 MIGRATED to testing (Debian testing watch)
[2025-03-15] Accepted vips 8.16.1-1 (source) into unstable (Laszlo Boszormenyi (GCS)) (signed by: Laszlo Boszormenyi)
[2024-12-02] vips 8.16.0-2 MIGRATED to testing (Debian testing watch)
[2024-11-30] Accepted vips 8.16.0-2 (source) into unstable (Laszlo Boszormenyi (GCS)) (signed by: Laszlo Boszormenyi)
[2024-10-31] Accepted vips 8.16.0-1 (source) into unstable (Laszlo Boszormenyi (GCS)) (signed by: Laszlo Boszormenyi)
[2024-08-23] vips 8.15.3-1 MIGRATED to testing (Debian testing watch)
[2024-08-17] Accepted vips 8.15.3-1 (source) into unstable (Laszlo Boszormenyi (GCS)) (signed by: Laszlo Boszormenyi)
[2024-08-04] vips 8.15.2-2 MIGRATED to testing (Debian testing watch)
[2024-07-30] Accepted vips 8.15.2-2 (source) into unstable (Laszlo Boszormenyi (GCS)) (signed by: Laszlo Boszormenyi)
[2024-05-03] vips 8.15.2-1 MIGRATED to testing (Debian testing watch)
[2024-03-20] Accepted vips 8.15.2-1 (source) into unstable (Laszlo Boszormenyi (GCS)) (signed by: Laszlo Boszormenyi)
[2024-02-29] Accepted vips 8.15.1-1.1 (source) into unstable (Steve Langasek)
[2024-02-04] Accepted vips 8.15.1-1.1~exp1 (source) into experimental (Steve Langasek)
[2024-01-08] vips 8.15.1-1 MIGRATED to testing (Debian testing watch)
[2024-01-03] Accepted vips 8.15.1-1 (source) into unstable (Laszlo Boszormenyi (GCS)) (signed by: Laszlo Boszormenyi)
[2023-12-02] Accepted vips 8.14.1-3+deb12u1 (source) into proposed-updates (Debian FTP Masters) (signed by: Laszlo Boszormenyi)
[2023-11-24] vips 8.15.0-2 MIGRATED to testing (Debian testing watch)
[2023-11-18] Accepted vips 8.15.0-2 (source) into unstable (Laszlo Boszormenyi (GCS)) (signed by: Laszlo Boszormenyi)
[2023-11-12] Accepted vips 8.15.0-1 (source) into unstable (Laszlo Boszormenyi (GCS)) (signed by: Laszlo Boszormenyi)
[2023-11-09] Accepted vips 8.15.0~rc2-2 (source) into unstable (Laszlo Boszormenyi (GCS)) (signed by: Laszlo Boszormenyi)
[2023-11-07] Accepted vips 8.15.0~rc2-1 (source) into unstable (Laszlo Boszormenyi (GCS)) (signed by: Laszlo Boszormenyi)
[2023-10-04] vips 8.14.5-1 MIGRATED to testing (Debian testing watch)
[2023-09-28] Accepted vips 8.14.5-1 (source) into unstable (Laszlo Boszormenyi (GCS)) (signed by: Laszlo Boszormenyi)
[2023-08-25] vips 8.14.4-1 MIGRATED to testing (Debian testing watch)
[2023-08-19] Accepted vips 8.14.4-1 (source) into unstable (Laszlo Boszormenyi (GCS)) (signed by: Laszlo Boszormenyi)
[2023-08-03] vips 8.14.3-1 MIGRATED to testing (Debian testing watch)

bugs [bug history graph]

all: 8
RC: 0
I&N: 6
M&W: 2
F&P: 0
patch: 0

links

homepage
lintian (0, 1)
buildd: logs, reproducibility, cross
popcon
browse source code
edit tags
other distros
security tracker
l10n (-, 35)
debian patches

ubuntu

[Information about Ubuntu for Debian Developers]

version: 8.16.1-1