pdfminer - Debian Package Tracker

general

source: pdfminer (main)
version: 20221105+dfsg-1.1
maintainer: Debian Python Team (DMD)
uploaders: Daniel Kahn Gillmor [DMD] – Daniele Tricoli [DMD]
arch: all
std-ver: 4.6.2.0
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 20200726-1
o-o-sec: 20200726-1+deb11u1
oldstable: 20221105+dfsg-1
stable: 20221105+dfsg-1
testing: 20221105+dfsg-1.1
unstable: 20221105+dfsg-1.1

versioned links

20200726-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
20200726-1+deb11u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
20221105+dfsg-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
20221105+dfsg-1.1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

pdfminer-data (1 bugs: 0, 1, 0, 0)
python3-pdfminer

action needed

A new upstream version is available: 20251107 high

A new upstream version 20251107 is available, you should consider packaging it.

Created: 2023-12-31 Last update: 2025-11-20 13:32

1 security issue in trixie high

There is 1 open security issue in trixie.

1 important issue:

CVE-2025-64512: Pdfminer.six is a community maintained fork of the original PDFMiner, a tool for extracting information from PDF documents. Prior to version 20251107, pdfminer.six will execute arbitrary code from a malicious pickle file if provided with a malicious PDF file. The `CMapDB._load_data()` function in pdfminer.six uses `pickle.loads()` to deserialize pickle files. These pickle files are supposed to be part of the pdfminer.six distribution stored in the `cmap/` directory, but a malicious PDF can specify an alternative directory and filename as long as the filename ends in `.pickle.gz`. A malicious, zipped pickle file can then contain code which will automatically execute when the PDF is processed. Version 20251107 fixes the issue.

Created: 2025-11-11 Last update: 2025-11-18 23:31

1 security issue in bookworm high

There is 1 open security issue in bookworm.

1 important issue:

CVE-2025-64512: Pdfminer.six is a community maintained fork of the original PDFMiner, a tool for extracting information from PDF documents. Prior to version 20251107, pdfminer.six will execute arbitrary code from a malicious pickle file if provided with a malicious PDF file. The `CMapDB._load_data()` function in pdfminer.six uses `pickle.loads()` to deserialize pickle files. These pickle files are supposed to be part of the pdfminer.six distribution stored in the `cmap/` directory, but a malicious PDF can specify an alternative directory and filename as long as the filename ends in `.pickle.gz`. A malicious, zipped pickle file can then contain code which will automatically execute when the PDF is processed. Version 20251107 fixes the issue.

Created: 2025-11-11 Last update: 2025-11-18 23:31

The VCS repository is not up to date, push the missing commits. high

vcswatch reports that the current version of the package is not in its VCS.
Either you need to push your commits and/or your tags, or the information about the package's VCS are out of date. A common cause of the latter issue when using the Git VCS is not specifying the correct branch when the packaging is not in the default one (remote HEAD branch), which is usually "master" but can be modified in salsa.debian.org in the project's general settings with the "Default Branch" field). Alternatively the Vcs-Git field in debian/control can contain a "-b <branch-name>" suffix to indicate what branch is used for the Debian packaging.

Created: 2025-11-16 Last update: 2025-11-16 04:01

Depends on packages which need a new maintainer normal

The packages that pdfminer depends on which need a new maintainer are:

docbook-xml (#802368)
- Build-Depends: docbook-xml
docbook-xsl (#802370)
- Build-Depends: docbook-xsl

Created: 2023-09-01 Last update: 2025-11-20 17:00

1 bug tagged patch in the BTS normal

The BTS contains patches fixing 1 bug, consider including or untagging them.

Created: 2025-01-06 Last update: 2025-11-20 16:30

lintian reports 6 warnings normal

Lintian reports 6 warnings about this package. You should make the package lintian clean getting rid of them.

Created: 2022-12-20 Last update: 2025-11-16 12:30

debian/patches: 2 patches to forward upstream low

Among the 3 debian patches available in version 20221105+dfsg-1.1 of the package, we noticed the following issues:

2 patches where the metadata indicates that the patch has not yet been forwarded upstream. You should either forward the patch upstream or update the metadata to document its real status.

Created: 2023-02-26 Last update: 2025-11-16 11:16

Standards version of the package is outdated. wishlist

The package should be updated to follow the last version of Debian Policy (Standards-Version 4.7.2 instead of 4.6.2.0).

Created: 2024-04-07 Last update: 2025-11-16 08:01

news

[rss feed]

[2025-11-18] Accepted pdfminer 20200726-1+deb11u1 (source) into oldoldstable-security (Chris Lamb)
[2025-11-18] pdfminer 20221105+dfsg-1.1 MIGRATED to testing (Debian testing watch)
[2025-11-15] Accepted pdfminer 20221105+dfsg-1.1 (source) into unstable (Salvatore Bonaccorso)
[2023-01-16] pdfminer 20221105+dfsg-1 MIGRATED to testing (Debian testing watch)
[2023-01-16] pdfminer 20221105+dfsg-1 MIGRATED to testing (Debian testing watch)
[2022-12-19] Accepted pdfminer 20221105+dfsg-1 (source) into unstable (Daniele Tricoli)
[2022-03-25] pdfminer 20220319+dfsg-1 MIGRATED to testing (Debian testing watch)
[2022-03-22] Accepted pdfminer 20220319+dfsg-1 (source) into unstable (Daniele Tricoli)
[2021-08-28] pdfminer 20201018+dfsg-1 MIGRATED to testing (Debian testing watch)
[2021-08-25] Accepted pdfminer 20201018+dfsg-1 (source) into unstable (Daniele Tricoli)
[2020-08-12] pdfminer 20200726-1 MIGRATED to testing (Debian testing watch)
[2020-08-09] Accepted pdfminer 20200726-1 (source) into unstable (Emmanuel Arias) (signed by: Jonathan Carter)
[2020-07-12] pdfminer 20191020+dfsg-3 MIGRATED to testing (Debian testing watch)
[2020-07-09] Accepted pdfminer 20191020+dfsg-3 (source) into unstable (Daniele Tricoli)
[2019-12-23] pdfminer 20191020+dfsg-2 MIGRATED to testing (Debian testing watch)
[2019-12-21] Accepted pdfminer 20191020+dfsg-2 (source) into unstable (Daniele Tricoli)
[2019-12-15] pdfminer 20191020+dfsg-1 MIGRATED to testing (Debian testing watch)
[2019-12-09] Accepted pdfminer 20191020+dfsg-1 (source) into unstable (Daniele Tricoli)
[2019-01-15] pdfminer 20181108+dfsg-3 MIGRATED to testing (Debian testing watch)
[2019-01-12] Accepted pdfminer 20181108+dfsg-3 (source all) into unstable (Daniele Tricoli)
[2019-01-10] pdfminer 20181108+dfsg-2 MIGRATED to testing (Debian testing watch)
[2019-01-08] Accepted pdfminer 20181108+dfsg-2 (source all) into unstable (Daniele Tricoli)
[2019-01-06] Accepted pdfminer 20181108+dfsg-1 (source all) into unstable (Daniele Tricoli)
[2019-01-04] Accepted pdfminer 20181108+dfsg-1~exp1 (source all) into experimental, experimental (Daniele Tricoli)
[2018-11-05] pdfminer 20140328+dfsg-2 MIGRATED to testing (Debian testing watch)
[2018-10-30] Accepted pdfminer 20140328+dfsg-2 (source) into unstable (Daniel Kahn Gillmor)
[2015-11-11] pdfminer 20140328+dfsg-1 MIGRATED to testing (Britney)
[2015-11-05] Accepted pdfminer 20140328+dfsg-1 (source) into unstable (Daniele Tricoli) (signed by: Gianfranco Costamagna)
[2011-09-04] pdfminer 20110515+dfsg-1 MIGRATED to testing (Debian testing watch)
[2011-08-24] Accepted pdfminer 20110515+dfsg-1 (source all) (Daniele Tricoli) (signed by: Stefano Rivera)

bugs [bug history graph]

all: 2
RC: 0
I&N: 2
M&W: 0
F&P: 0
patch: 1

links

homepage
lintian (0, 6)
buildd: logs, reproducibility
popcon
browse source code
edit tags
other distros
security tracker
debian patches
debci

ubuntu

[Information about Ubuntu for Debian Developers]

version: 20221105+dfsg-1.1
4 bugs