Debian Package Tracker

pygments

general
  • source: pygments (main)
  • version: 2.19.2+dfsg-1
  • maintainer: Piotr Ożarowski (DMD)
  • uploaders: Debian Python Team [DMD]
  • arch: all
  • std-ver: 4.6.2
  • VCS: Git (Browse, QA)
versions
  • o-o-stable: 2.7.1+dfsg-2.1
  • oldstable: 2.14.0+dfsg-1
  • stable: 2.18.0+dfsg-2
  • testing: 2.19.2+dfsg-1
  • unstable: 2.19.2+dfsg-1
versioned links
  • 2.7.1+dfsg-2.1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 2.14.0+dfsg-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 2.18.0+dfsg-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 2.19.2+dfsg-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
binaries
  • python-pygments-doc
  • python3-pygments (4 bugs: 0, 2, 2, 0)
action needed
A new upstream version is available: 2.20.0 high
A new upstream version 2.20.0 is available, you should consider packaging it.
Created: 2026-04-02 Last update: 2026-06-29 19:03
1 security issue in sid high

There is 1 open security issue in sid.

1 important issue:
  • CVE-2026-4539: A security flaw has been discovered in pygments up to 2.19.2. The impacted element is the function AdlLexer of the file pygments/lexers/archetype.py. The manipulation results in inefficient regular expression complexity. The attack is only possible with local access. The exploit has been released to the public and may be used for attacks. The project was informed of the problem early through an issue report but has not responded yet.
Created: 2026-03-22 Last update: 2026-06-01 16:02
1 security issue in forky high

There is 1 open security issue in forky.

1 important issue:
  • CVE-2026-4539: A security flaw has been discovered in pygments up to 2.19.2. The impacted element is the function AdlLexer of the file pygments/lexers/archetype.py. The manipulation results in inefficient regular expression complexity. The attack is only possible with local access. The exploit has been released to the public and may be used for attacks. The project was informed of the problem early through an issue report but has not responded yet.
Created: 2026-03-22 Last update: 2026-06-01 16:02
2 bugs tagged patch in the BTS normal
The BTS contains patches fixing 2 bugs, consider including or untagging them.
Created: 2026-06-02 Last update: 2026-06-29 22:00
2 open merge requests in Salsa normal
There are 2 open merge requests for this package on Salsa. You should consider reviewing and/or merging these merge requests.
Created: 2026-05-29 Last update: 2026-06-29 13:31
version in VCS is newer than in repository, is it time to upload? normal
vcswatch reports that this package seems to have a new changelog entry (version 2.20.0+dfsg-1, distribution UNRELEASED) and new commits in its VCS. You should consider whether it's time to make an upload.

Here are the relevant commit messages:
commit 3963dddb65f20480096231723be272d25201d97c
Author: Alexandre Detiste <alexandre.detiste@gmail.com>
Date:   Mon Jun 29 14:27:04 2026 +0200

    trim leftover Python2+3 hybridation

commit 0839de54a8282f585f8b1788bf36d2f9cd4460bd
Author: Alexandre Detiste <alexandre.detiste@gmail.com>
Date:   Mon Jun 29 14:26:32 2026 +0200

    rewrite d/rules with newer & shorter syntax

commit de8f50b8d7f2cbc208da5e7f5770f18dbcad8d28
Author: Alexandre Detiste <alexandre.detiste@gmail.com>
Date:   Mon Jun 29 14:25:51 2026 +0200

    d/rules: guard "make doc" in a if-block

commit 085b9fa2bb049c65e8a9738a7c7ece0cf76de04f
Author: Alexandre Detiste <alexandre.detiste@gmail.com>
Date:   Mon Jun 29 14:24:42 2026 +0200

    use dh-sequence-python3 & dh-sequence-sphinxdoc

commit a753cf2801d12d0f6c828270837d3e94794956d2
Author: Alexandre Detiste <alexandre.detiste@gmail.com>
Date:   Mon Jun 29 14:24:23 2026 +0200

    d/salsa-ci.yml: test the <!nocheck> & <!nodoc> profiles

commit 7d9869bc99081cec8f166fc7a027e55534788fb6
Author: Matheus Polkorny <mpolkorny@gmail.com>
Date:   Sun Jun 7 14:14:15 2026 -0300

    Update changelog for 2.20.0+dfsg-1 release

commit 9721ba0e7a6fdf3c9e207400092be10382e9c147
Author: Matheus Polkorny <mpolkorny@gmail.com>
Date:   Sun Jun 7 15:07:31 2026 -0300

    d/copyright: Bump upstream copyright to 2026

commit 09bca5025415ffeee632e8d618f6361bdcebefcc
Author: Matheus Polkorny <mpolkorny@gmail.com>
Date:   Sun Jun 7 14:34:12 2026 -0300

    d/control: Bump Standards-Version to 4.7.4

commit 888336fbcda72127a358a16ed4e6b17f74bba35a
Author: Matheus Polkorny <mpolkorny@gmail.com>
Date:   Sun Jun 7 14:33:53 2026 -0300

    d/control: Drop redundant Rules-Requires-Root field

commit c07a67ce4fd55997367bd3e6fece2ba00b898c75
Author: Matheus Polkorny <mpolkorny@gmail.com>
Date:   Sun Jun 7 14:30:43 2026 -0300

    d/control: Drop redundant Priority field

commit 8021bd561f91fd12b15c7d17d612a18be4e95f5f
Author: Matheus Polkorny <mpolkorny@gmail.com>
Date:   Sun Jun 7 14:29:08 2026 -0300

    d/upstream|watch: Migrate to watch 5
    
    Use d/upstream/metadata (Archive: pypi.python.org)
    for upstream version tracking and drop d/watch.

commit 04043844d3e197fd3a5f9042697e3f87951824d3
Author: Matheus Polkorny <mpolkorny@gmail.com>
Date:   Sun Jun 7 14:11:14 2026 -0300

    d/p/tests-tolerate-missing-example-files.patch: Update patch

commit e4a1ed954f7bb64aa975195d218a589043835f97
Merge: e52e254 ffeef72
Author: Matheus Polkorny <mpolkorny@gmail.com>
Date:   Sun Jun 7 13:30:06 2026 -0300

    Update upstream source from tag 'upstream/2.20.0+dfsg'
    
    Update to upstream version '2.20.0+dfsg'
    with Debian dir 7d9b4f0adf3415dc8fb978aa696f364c158c515f

commit ffeef722743027c775ad8dc78f7fd7dfa006cdb6
Author: Matheus Polkorny <mpolkorny@gmail.com>
Date:   Sun Jun 7 13:30:03 2026 -0300

    New upstream version 2.20.0+dfsg

commit e52e254a9aa3d3d0eddec2e53380c46a4a17898b
Author: Matheus Polkorny <mpolkorny@gmail.com>
Date:   Sun Jun 7 13:27:26 2026 -0300

    d/copyright: Update Files-Excluded for new upstream version

commit 413c63135a237fce52372ae48f593b3ad09cf9cf
Author: Colin Watson <cjwatson@debian.org>
Date:   Wed Dec 31 15:28:12 2025 +0000

    Move python3-sphinx to Build-Depends

commit bdfb0ce6db9bf46ac687677a04c9a0b72e5aae28
Author: Colin Watson <cjwatson@debian.org>
Date:   Wed Dec 31 15:06:00 2025 +0000

    Move dh-python and pybuild-plugin-pyproject to Build-Depends
Created: 2025-02-16 Last update: 2026-06-29 13:31
1 low-priority security issue in trixie low

There is 1 open security issue in trixie.

1 issue left for the package maintainer to handle:
  • CVE-2026-4539: (needs triaging) A security flaw has been discovered in pygments up to 2.19.2. The impacted element is the function AdlLexer of the file pygments/lexers/archetype.py. The manipulation results in inefficient regular expression complexity. The attack is only possible with local access. The exploit has been released to the public and may be used for attacks. The project was informed of the problem early through an issue report but has not responded yet.

You can find information about how to handle this issue in the security team's documentation.

Created: 2026-03-22 Last update: 2026-06-01 16:02
debian/patches: 3 patches to forward upstream low

Among the 4 debian patches available in version 2.19.2+dfsg-1 of the package, we noticed the following issues:

  • 3 patches where the metadata indicates that the patch has not yet been forwarded upstream. You should either forward the patch upstream or update the metadata to document its real status.
Created: 2023-02-26 Last update: 2026-01-01 12:00
Standards version of the package is outdated. wishlist
The package should be updated to follow the last version of Debian Policy (Standards-Version 4.7.4 instead of 4.6.2).
Created: 2024-04-07 Last update: 2026-03-31 15:01
news
  • [2026-01-13] pygments 2.19.2+dfsg-1 MIGRATED to testing (Debian testing watch)
  • [2025-12-31] Accepted pygments 2.19.2+dfsg-1 (source) into unstable (Colin Watson)
  • [2025-01-16] pygments 2.18.0+dfsg-2 MIGRATED to testing (Debian testing watch)
  • [2025-01-13] Accepted pygments 2.18.0+dfsg-2 (source) into unstable (Alexandre Detiste)
  • [2024-06-15] pygments 2.18.0+dfsg-1 MIGRATED to testing (Debian testing watch)
  • [2024-06-11] Accepted pygments 2.18.0+dfsg-1 (source) into unstable (Piotr Ożarowski)
  • [2024-02-10] pygments 2.17.2+dfsg-1 MIGRATED to testing (Debian testing watch)
  • [2024-02-02] Accepted pygments 2.17.2+dfsg-1 (source) into unstable (Piotr Ożarowski)
  • [2023-06-20] pygments 2.15.1+dfsg-1 MIGRATED to testing (Debian testing watch)
  • [2023-04-19] Accepted pygments 2.15.1+dfsg-1 (source) into unstable (Piotr Ożarowski)
  • [2023-04-15] Accepted pygments 2.15.0+dfsg-1 (source) into unstable (Piotr Ożarowski)
  • [2023-01-23] pygments 2.14.0+dfsg-1 MIGRATED to testing (Debian testing watch)
  • [2023-01-07] Accepted pygments 2.14.0+dfsg-1 (source) into unstable (Carsten Schoenert)
  • [2022-11-23] pygments 2.13.0+dfsg-1 MIGRATED to testing (Debian testing watch)
  • [2022-11-20] Accepted pygments 2.13.0+dfsg-1 (source) into unstable (Carsten Schoenert)
  • [2022-07-16] pygments 2.12.0+dfsg-2 MIGRATED to testing (Debian testing watch)
  • [2022-06-28] Accepted pygments 2.12.0+dfsg-2 (source) into unstable (Sandro Tosi)
  • [2022-06-24] Accepted pygments 2.12.0+dfsg-1 (source) into unstable (Sandro Tosi)
  • [2022-06-11] Accepted pygments 2.12.0+dfsg-1~exp1 (source) into experimental (Carsten Schoenert)
  • [2022-03-20] pygments 2.11.2+dfsg-2 MIGRATED to testing (Debian testing watch)
  • [2022-02-15] Accepted pygments 2.11.2+dfsg-2 (source) into unstable (Carsten Schoenert)
  • [2022-02-14] Accepted pygments 2.11.2+dfsg-1 (source) into unstable (Carsten Schoenert)
  • [2021-12-10] Accepted pygments 2.10.0+dfsg-1 (source) into unstable (Sandro Tosi)
  • [2021-06-14] pygments 2.7.1+dfsg-2.1 MIGRATED to testing (Debian testing watch)
  • [2021-06-07] Accepted pygments 2.7.1+dfsg-2.1 (source) into unstable (Salvatore Bonaccorso)
  • [2021-04-05] Accepted pygments 2.3.1+dfsg-1+deb10u2 (source all) into proposed-updates->stable-new, proposed-updates (Debian FTP Masters) (signed by: Moritz Mühlenhoff)
  • [2021-03-27] Accepted pygments 2.3.1+dfsg-1+deb10u2 (source all) into stable->embargoed, stable (Debian FTP Masters) (signed by: Moritz Mühlenhoff)
  • [2021-03-19] Accepted pygments 2.2.0+dfsg-1+deb9u2 (source all) into oldstable (Chris Lamb)
  • [2021-03-17] pygments 2.7.1+dfsg-2 MIGRATED to testing (Debian testing watch)
  • [2021-03-13] Accepted pygments 2.3.1+dfsg-1+deb10u1 (source) into proposed-updates->stable-new, proposed-updates (Debian FTP Masters) (signed by: Emilio Pozuelo Monfort)
bugs
  • all: 6
  • RC: 0
  • I&N: 3
  • M&W: 3
  • F&P: 0
  • patch: 2
links
  • homepage
  • lintian
  • buildd: logs, reproducibility
  • popcon
  • browse source code
  • other distros
  • security tracker
  • debian patches
  • debci
ubuntu
  • version: 2.19.2+dfsg-1

Debian Package Tracker — Copyright 2013-2025 The Distro Tracker Developers
Report problems to the tracker.debian.org pseudo-package in the Debian BTS.