wlc - Debian Package Tracker

general

source: wlc (main)
version: 2.0.0-1
maintainer: Debian Python Team (DMD)
uploaders: Alexandre Detiste [DMD]
arch: all
std-ver: 4.7.4
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 1.2-1
oldstable: 1.13-2
stable: 1.15-1
testing: 1.17.2-1
unstable: 2.0.0-1

versioned links

1.2-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.13-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.15-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.17.2-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2.0.0-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

action needed

4 security issues in trixie high

There are 4 open security issues in trixie.

1 important issue:

CVE-2026-42150: wlc is a Weblate command-line client using Weblate's REST API. Prior to version 2.0.0, the HTML output format in wlc embeds API response data into HTML without escaping, allowing cross-site scripting when the output is rendered in a browser. This issue has been patched in version 2.0.0.

3 issues left for the package maintainer to handle:

CVE-2026-22250: (needs triaging) wlc is a Weblate command-line client using Weblate's REST API. Prior to 1.17.0, the SSL verification would be skipped for some crafted URLs. This vulnerability is fixed in 1.17.0.
CVE-2026-22251: (needs triaging) wlc is a Weblate command-line client using Weblate's REST API. Prior to 1.17.0, wlc supported providing unscoped API keys in the setting. This practice was discouraged for years, but the code was never removed. This might cause the API key to be leaked to different servers.
CVE-2026-23535: (needs triaging) wlc is a Weblate command-line client using Weblate's REST API. Prior to 1.17.2, the multi-translation download could write to an arbitrary location when instructed by a crafted server. This vulnerability is fixed in 1.17.2.

You can find information about how to handle these issues in the security team's documentation.

Created: 2026-01-13 Last update: 2026-05-09 10:00

1 security issue in forky high

There is 1 open security issue in forky.

1 important issue:

CVE-2026-42150: wlc is a Weblate command-line client using Weblate's REST API. Prior to version 2.0.0, the HTML output format in wlc embeds API response data into HTML without escaping, allowing cross-site scripting when the output is rendered in a browser. This issue has been patched in version 2.0.0.

Created: 2026-05-08 Last update: 2026-05-09 10:00

4 security issues in bullseye high

There are 4 open security issues in bullseye.

1 important issue:

CVE-2026-42150: wlc is a Weblate command-line client using Weblate's REST API. Prior to version 2.0.0, the HTML output format in wlc embeds API response data into HTML without escaping, allowing cross-site scripting when the output is rendered in a browser. This issue has been patched in version 2.0.0.

3 issues postponed or untriaged:

CVE-2026-22250: (needs triaging) wlc is a Weblate command-line client using Weblate's REST API. Prior to 1.17.0, the SSL verification would be skipped for some crafted URLs. This vulnerability is fixed in 1.17.0.
CVE-2026-22251: (needs triaging) wlc is a Weblate command-line client using Weblate's REST API. Prior to 1.17.0, wlc supported providing unscoped API keys in the setting. This practice was discouraged for years, but the code was never removed. This might cause the API key to be leaked to different servers.
CVE-2026-23535: (needs triaging) wlc is a Weblate command-line client using Weblate's REST API. Prior to 1.17.2, the multi-translation download could write to an arbitrary location when instructed by a crafted server. This vulnerability is fixed in 1.17.2.

Created: 2026-05-08 Last update: 2026-05-09 10:00

4 security issues in bookworm high

There are 4 open security issues in bookworm.

1 important issue:

CVE-2026-42150: wlc is a Weblate command-line client using Weblate's REST API. Prior to version 2.0.0, the HTML output format in wlc embeds API response data into HTML without escaping, allowing cross-site scripting when the output is rendered in a browser. This issue has been patched in version 2.0.0.

3 issues left for the package maintainer to handle:

CVE-2026-22250: (needs triaging) wlc is a Weblate command-line client using Weblate's REST API. Prior to 1.17.0, the SSL verification would be skipped for some crafted URLs. This vulnerability is fixed in 1.17.0.
CVE-2026-22251: (needs triaging) wlc is a Weblate command-line client using Weblate's REST API. Prior to 1.17.0, wlc supported providing unscoped API keys in the setting. This practice was discouraged for years, but the code was never removed. This might cause the API key to be leaked to different servers.
CVE-2026-23535: (needs triaging) wlc is a Weblate command-line client using Weblate's REST API. Prior to 1.17.2, the multi-translation download could write to an arbitrary location when instructed by a crafted server. This vulnerability is fixed in 1.17.2.

You can find information about how to handle these issues in the security team's documentation.

Created: 2026-01-13 Last update: 2026-05-09 10:00

The package has not entered testing even though the delay is over normal

The package has not entered testing even though the 5-day delay is over. Check why.

Created: 2026-05-14 Last update: 2026-05-17 03:18

1 new commit since last upload, is it time to release? normal

vcswatch reports that this package seems to have new commits in its VCS but has not yet updated debian/changelog. You should consider updating the Debian changelog and uploading this new version into the archive.

Here are the relevant commit logs:

commit e976cecd738d7de14eed8f8665f4863d418e49f3
Author: Alexandre Detiste <tchet@debian.org>
Date:   Fri May 8 21:37:24 2026 +0100

    Set upstream metadata fields: Documentation, Funding, Security-Contact.
    
    Changes-By: lintian-brush

Created: 2026-05-08 Last update: 2026-05-14 04:31

testing migrations

excuses:
- Migration status for wlc (1.17.2-1 to 2.0.0-1): Waiting for test results or another package, or too young (no action required now - check later)
- Issues preventing migration:
- ∙ ∙ Autopkgtest for wlc/2.0.0-1: amd64: Pass, arm64: Pass, i386: Test triggered, loong64: Test triggered, ppc64el: Pass, riscv64: Test triggered, s390x: Test triggered
- Additional info (not blocking):
- ∙ ∙ Piuparts tested OK - https://piuparts.debian.org/sid/source/w/wlc.html
- ∙ ∙ Reproduced on amd64 - info
- ∙ ∙ Reproduced on arm64 - info
- ∙ ∙ Reproduced on armhf - info
- ∙ ∙ Reproduced on i386 - info
- ∙ ∙ 8 days old (needed 5 days)
- Not considered

news

[rss feed]

[2026-05-08] Accepted wlc 2.0.0-1 (source) into unstable (Alexandre Detiste)
[2026-04-13] wlc 1.17.2-1 MIGRATED to testing (Debian testing watch)
[2026-04-10] Accepted wlc 1.17.2-1 (source) into unstable (Alexandre Detiste)
[2025-10-30] wlc 1.16.1-1 MIGRATED to testing (Debian testing watch)
[2025-10-28] Accepted wlc 1.16.1-1 (source) into unstable (Alexandre Detiste)
[2025-08-25] wlc 1.15-2 MIGRATED to testing (Debian testing watch)
[2025-08-22] Accepted wlc 1.15-2 (source) into unstable (Boyuan Yang)
[2024-11-27] wlc 1.15-1 MIGRATED to testing (Debian testing watch)
[2024-11-23] Accepted wlc 1.15-1 (source) into unstable (Henrique Pucci) (signed by: Samuel Henrique)
[2024-05-19] wlc 1.14-1 MIGRATED to testing (Debian testing watch)
[2024-05-17] Accepted wlc 1.14-1 (source) into unstable (Sergio de Almeida Cipriano Junior) (signed by: Samuel Henrique)
[2023-03-09] wlc 1.13-2 MIGRATED to testing (Debian testing watch)
[2023-02-27] Accepted wlc 1.13-2 (source) into unstable (Hans-Christoph Steiner)
[2023-02-11] wlc 1.13-1 MIGRATED to testing (Debian testing watch)
[2023-02-05] Accepted wlc 1.13-1 (source) into unstable (Hans-Christoph Steiner)
[2022-06-10] wlc 1.2-2 MIGRATED to testing (Debian testing watch)
[2022-06-05] Accepted wlc 1.2-2 (source) into unstable (Sandro Tosi)
[2020-02-27] wlc 1.2-1 MIGRATED to testing (Debian testing watch)
[2020-02-22] Accepted wlc 1.2-1 (source) into unstable (Michal Čihař)
[2019-02-27] wlc 1.1-1 MIGRATED to testing (Debian testing watch)
[2019-02-17] Accepted wlc 1.1-1 (source) into unstable (Michal Čihař)
[2018-10-23] wlc 0.9-1 MIGRATED to testing (Debian testing watch)
[2018-10-18] Accepted wlc 0.9-1 (source) into unstable (Michal Čihař)
[2017-07-16] wlc 0.8-1 MIGRATED to testing (Debian testing watch)
[2017-07-10] Accepted wlc 0.8-1 (source all) into unstable (Michal Čihař)
[2017-01-03] wlc 0.7-2 MIGRATED to testing (Debian testing watch)
[2016-12-23] Accepted wlc 0.7-2 (source) into unstable (Michal Čihař)
[2016-12-16] Accepted wlc 0.7-1 (source) into unstable (Michal Čihař)
[2016-09-26] wlc 0.6-1 MIGRATED to testing (Debian testing watch)
[2016-09-20] Accepted wlc 0.6-1 (source all) into unstable (Michal Čihař)

bugs [bug history graph]

all: 0

links

homepage
lintian
buildd: logs, reproducibility
popcon
browse source code
other distros
security tracker
debci

ubuntu

[Information about Ubuntu for Debian Developers]

version: 1.16.1-1