weasyprint - Debian Package Tracker

general

source: weasyprint (main)
version: 69.0-1
maintainer: Debian Python Team (DMD)
uploaders: Stéphane Glondu [DMD]
arch: all
std-ver: 4.7.0
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 51-2
oldstable: 57.2-1
stable: 62.3-1
testing: 67.0-1
unstable: 69.0-1

versioned links

51-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
57.2-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
62.3-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
67.0-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
69.0-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

weasyprint

action needed

Marked for autoremoval on 21 July: #1139189 high

Version 67.0-1 of weasyprint is marked for autoremoval from testing on Tue 21 Jul 2026. It is affected by #1139189. The removal of weasyprint will also cause the removal of (transitive) reverse dependency: rust-presenterm. You should try to prevent the removal by fixing these RC bugs.

Created: 2026-06-14 Last update: 2026-06-16 06:30

2 security issues in trixie high

There are 2 open security issues in trixie.

1 important issue:

CVE-2026-49452:

1 issue left for the package maintainer to handle:

CVE-2025-68616: (needs triaging) WeasyPrint helps web developers to create PDF documents. Prior to version 68.0, a server-side request forgery (SSRF) protection bypass exists in WeasyPrint's `default_url_fetcher`. The vulnerability allows attackers to access internal network resources (such as `localhost` services or cloud metadata endpoints) even when a developer has implemented a custom `url_fetcher` to block such access. This occurs because the underlying `urllib` library follows HTTP redirects automatically without re-validating the new destination against the developer's security policy. Version 68.0 contains a patch for the issue.

You can find information about how to handle this issue in the security team's documentation.

Created: 2026-06-07 Last update: 2026-06-15 19:31

2 security issues in forky high

There are 2 open security issues in forky.

2 important issues:

CVE-2025-68616: WeasyPrint helps web developers to create PDF documents. Prior to version 68.0, a server-side request forgery (SSRF) protection bypass exists in WeasyPrint's `default_url_fetcher`. The vulnerability allows attackers to access internal network resources (such as `localhost` services or cloud metadata endpoints) even when a developer has implemented a custom `url_fetcher` to block such access. This occurs because the underlying `urllib` library follows HTTP redirects automatically without re-validating the new destination against the developer's security policy. Version 68.0 contains a patch for the issue.
CVE-2026-49452:

Created: 2026-06-07 Last update: 2026-06-15 19:31

2 security issues in bullseye high

There are 2 open security issues in bullseye.

1 important issue:

CVE-2026-49452:

1 issue postponed or untriaged:

CVE-2025-68616: (postponed; to be fixed through a stable update) WeasyPrint helps web developers to create PDF documents. Prior to version 68.0, a server-side request forgery (SSRF) protection bypass exists in WeasyPrint's `default_url_fetcher`. The vulnerability allows attackers to access internal network resources (such as `localhost` services or cloud metadata endpoints) even when a developer has implemented a custom `url_fetcher` to block such access. This occurs because the underlying `urllib` library follows HTTP redirects automatically without re-validating the new destination against the developer's security policy. Version 68.0 contains a patch for the issue.

Created: 2026-06-15 Last update: 2026-06-15 19:31

2 security issues in bookworm high

There are 2 open security issues in bookworm.

1 important issue:

CVE-2026-49452:

1 issue left for the package maintainer to handle:

CVE-2025-68616: (needs triaging) WeasyPrint helps web developers to create PDF documents. Prior to version 68.0, a server-side request forgery (SSRF) protection bypass exists in WeasyPrint's `default_url_fetcher`. The vulnerability allows attackers to access internal network resources (such as `localhost` services or cloud metadata endpoints) even when a developer has implemented a custom `url_fetcher` to block such access. This occurs because the underlying `urllib` library follows HTTP redirects automatically without re-validating the new destination against the developer's security policy. Version 68.0 contains a patch for the issue.

You can find information about how to handle this issue in the security team's documentation.

Created: 2026-06-07 Last update: 2026-06-15 19:31

Standards version of the package is outdated. wishlist

The package should be updated to follow the last version of Debian Policy (Standards-Version 4.7.4 instead of 4.7.0).

Created: 2025-02-21 Last update: 2026-06-15 15:18

testing migrations

excuses:
- Migration status for weasyprint (67.0-1 to 69.0-1): BLOCKED: Rejected/violates migration policy/introduces a regression
- Issues preventing migration:
- ∙ ∙ Autopkgtest for weasyprint/69.0-1: amd64: Pass, arm64: Pass, i386: Pass, loong64: Pass, ppc64el: Pass, riscv64: Pass, s390x: Failed ♻
- ∙ ∙ Too young, only 1 of 5 days old
- Additional info (not blocking):
- ∙ ∙ Updating weasyprint will fix bugs in testing: #1139189
- ∙ ∙ Piuparts tested OK - https://piuparts.debian.org/sid/source/w/weasyprint.html
- ∙ ∙ Reproduced on amd64 - info
- ∙ ∙ Reproduced on arm64 - info
- ∙ ∙ Reproduced on armhf - info
- ∙ ∙ Reproduced on i386 - info
- Not considered

news

[rss feed]

[2026-06-15] Accepted weasyprint 69.0-1 (source) into unstable (Stéphane Glondu)
[2026-03-04] weasyprint 67.0-1 MIGRATED to testing (Debian testing watch)
[2026-02-27] Accepted weasyprint 67.0-1 (source) into unstable (Stéphane Glondu)
[2024-07-02] weasyprint 62.3-1 MIGRATED to testing (Debian testing watch)
[2024-06-27] Accepted weasyprint 62.3-1 (source) into unstable (Scott Kitterman) (signed by: Donald Scott Kitterman)
[2024-06-15] weasyprint 62.2-1 MIGRATED to testing (Debian testing watch)
[2024-06-09] Accepted weasyprint 62.2-1 (source) into unstable (Scott Kitterman) (signed by: Donald Scott Kitterman)
[2024-05-13] weasyprint 62.1-1 MIGRATED to testing (Debian testing watch)
[2024-05-06] Accepted weasyprint 62.1-1 (source) into unstable (Scott Kitterman) (signed by: Donald Scott Kitterman)
[2024-05-06] Accepted weasyprint 62.0-1 (source) into unstable (Scott Kitterman) (signed by: Donald Scott Kitterman)
[2024-05-03] weasyprint 61.2-2 MIGRATED to testing (Debian testing watch)
[2024-04-27] Accepted weasyprint 61.2-2 (source) into unstable (Scott Kitterman) (signed by: Donald Scott Kitterman)
[2024-03-21] weasyprint 61.2-1 MIGRATED to testing (Debian testing watch)
[2024-03-16] Accepted weasyprint 61.2-1 (source) into unstable (Scott Kitterman) (signed by: Donald Scott Kitterman)
[2024-03-07] weasyprint 61.1-1 MIGRATED to testing (Debian testing watch)
[2024-03-01] Accepted weasyprint 61.1-1 (source) into unstable (Scott Kitterman) (signed by: Donald Scott Kitterman)
[2024-02-24] weasyprint 61.0-1 MIGRATED to testing (Debian testing watch)
[2024-02-18] Accepted weasyprint 61.0-1 (source) into unstable (Scott Kitterman) (signed by: Donald Scott Kitterman)
[2024-01-09] weasyprint 60.2-1 MIGRATED to testing (Debian testing watch)
[2024-01-03] Accepted weasyprint 60.2-1 (source) into unstable (Scott Kitterman) (signed by: Donald Scott Kitterman)
[2023-06-20] weasyprint 59.0-1 MIGRATED to testing (Debian testing watch)
[2023-06-12] Accepted weasyprint 59.0-1 (source) into unstable (Scott Kitterman) (signed by: Donald Scott Kitterman)
[2023-01-20] weasyprint 57.2-1 MIGRATED to testing (Debian testing watch)
[2023-01-15] Accepted weasyprint 57.2-1 (source) into unstable (Scott Kitterman) (signed by: Donald Scott Kitterman)
[2022-11-12] weasyprint 57.1-1 MIGRATED to testing (Debian testing watch)
[2022-11-07] weasyprint 57.0-2 MIGRATED to testing (Debian testing watch)
[2022-11-07] Accepted weasyprint 57.1-1 (source) into unstable (Scott Kitterman) (signed by: Donald Scott Kitterman)
[2022-11-02] Accepted weasyprint 57.0-2 (source) into unstable (Scott Kitterman) (signed by: Donald Scott Kitterman)
[2022-10-21] Accepted weasyprint 57.0-1 (source) into unstable (Scott Kitterman) (signed by: Donald Scott Kitterman)
[2022-10-18] weasyprint 56.1-1 MIGRATED to testing (Debian testing watch)

bugs [bug history graph]

all: 0

links

homepage
lintian
buildd: logs, reproducibility
popcon
browse source code
other distros
security tracker

ubuntu

[Information about Ubuntu for Debian Developers]

version: 69.0-1