vips - Debian Package Tracker

general

source: vips (main)
version: 8.17.3-1
maintainer: Laszlo Boszormenyi (GCS) (DMD)
arch: all any
std-ver: 4.7.2
VCS: unknown

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 8.10.5-2
o-o-sec: 8.10.5-2+deb11u1
oldstable: 8.14.1-3+deb12u2
old-sec: 8.14.1-3+deb12u2
stable: 8.16.1-1
testing: 8.16.1-2
unstable: 8.17.3-1

versioned links

8.10.5-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
8.10.5-2+deb11u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
8.14.1-3+deb12u2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
8.16.1-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
8.16.1-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
8.17.3-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

gir1.2-vips-8.0 (1 bugs: 0, 1, 0, 0)
libvips-dev
libvips-doc
libvips-tools (1 bugs: 0, 1, 0, 0)
libvips42t64

action needed

A new upstream version is available: 8.18.0-alpha2 high

A new upstream version 8.18.0-alpha2 is available, you should consider packaging it.

Created: 2025-03-14 Last update: 2025-11-10 09:01

1 security issue in forky high

There is 1 open security issue in forky.

1 important issue:

CVE-2025-59933: libvips is a demand-driven, horizontally threaded image processing library. For versions 8.17.1 and below, when libvips is compiled with support for PDF input via poppler, the pdfload operation is affected by a buffer read overflow when parsing the header of a crafted PDF with a page that defines a width but not a height. Those using libvips compiled without support for PDF input are unaffected as well as thosewith support for PDF input via PDFium. This issue is fixed in version 8.17.2. A workaround for those affected is to block the VipsForeignLoadPdf operation via vips_operation_block_set, which is available in most language bindings, or to set VIPS_BLOCK_UNTRUSTED environment variable at runtime, which will block all untrusted loaders including PDF input via poppler.

Created: 2025-09-30 Last update: 2025-11-09 23:30

1 low-priority security issue in trixie low

There is 1 open security issue in trixie.

1 issue left for the package maintainer to handle:

CVE-2025-59933: (needs triaging) libvips is a demand-driven, horizontally threaded image processing library. For versions 8.17.1 and below, when libvips is compiled with support for PDF input via poppler, the pdfload operation is affected by a buffer read overflow when parsing the header of a crafted PDF with a page that defines a width but not a height. Those using libvips compiled without support for PDF input are unaffected as well as thosewith support for PDF input via PDFium. This issue is fixed in version 8.17.2. A workaround for those affected is to block the VipsForeignLoadPdf operation via vips_operation_block_set, which is available in most language bindings, or to set VIPS_BLOCK_UNTRUSTED environment variable at runtime, which will block all untrusted loaders including PDF input via poppler.

You can find information about how to handle this issue in the security team's documentation.

Created: 2025-09-30 Last update: 2025-11-09 23:30

1 low-priority security issue in bookworm low

There is 1 open security issue in bookworm.

1 issue left for the package maintainer to handle:

CVE-2025-59933: (needs triaging) libvips is a demand-driven, horizontally threaded image processing library. For versions 8.17.1 and below, when libvips is compiled with support for PDF input via poppler, the pdfload operation is affected by a buffer read overflow when parsing the header of a crafted PDF with a page that defines a width but not a height. Those using libvips compiled without support for PDF input are unaffected as well as thosewith support for PDF input via PDFium. This issue is fixed in version 8.17.2. A workaround for those affected is to block the VipsForeignLoadPdf operation via vips_operation_block_set, which is available in most language bindings, or to set VIPS_BLOCK_UNTRUSTED environment variable at runtime, which will block all untrusted loaders including PDF input via poppler.

You can find information about how to handle this issue in the security team's documentation.

Created: 2025-09-30 Last update: 2025-11-09 23:30

debian/patches: 1 patch to forward upstream low

Among the 1 debian patch available in version 8.16.1-2 of the package, we noticed the following issues:

1 patch where the metadata indicates that the patch has not yet been forwarded upstream. You should either forward the patch upstream or update the metadata to document its real status.

Created: 2025-10-03 Last update: 2025-10-03 17:02

Issues found with some translations low

Automatic checks made by the Debian l10n team found some issues with the translations contained in this package. You should check the l10n status report for more information.

Issues can be things such as missing translations, problematic translated strings, outdated PO files, unknown languages, etc.

Created: 2021-10-03 Last update: 2021-10-03 02:09

testing migrations

excuses:
- Migration status for vips (8.16.1-2 to 8.17.3-1): BLOCKED: Rejected/violates migration policy/introduces a regression
- Issues preventing migration:
- ∙ ∙ Autopkgtest for lua-vips/1.1.12-2: amd64: Regression ♻ (reference ♻), arm64: Regression ♻ (reference ♻), i386: Regression ♻ (reference ♻)
- ∙ ∙ Missing build on riscv64
- ∙ ∙ Autopkgtest deferred on riscv64: missing arch:riscv64 build
- ∙ ∙ Lintian check waiting for test results on riscv64 - info
- ∙ ∙ Too young, only 0 of 5 days old
- Additional info (not blocking):
- ∙ ∙ Piuparts tested OK - https://piuparts.debian.org/sid/source/v/vips.html
- ∙ ∙ Reproducible on amd64 - info ♻
- ∙ ∙ Reproducible on arm64 - info ♻
- Not considered

news

[rss feed]

[2025-11-09] Accepted vips 8.17.3-1 (source) into unstable (Laszlo Boszormenyi (GCS)) (signed by: Laszlo Boszormenyi)
[2025-11-09] vips 8.16.1-2 MIGRATED to testing (Debian testing watch)
[2025-10-03] Accepted vips 8.16.1-2 (source) into unstable (Laszlo Boszormenyi (GCS)) (signed by: Laszlo Boszormenyi)
[2025-05-03] Accepted vips 8.14.1-3+deb12u2 (source) into proposed-updates (Debian FTP Masters) (signed by: Guilhem Moulin)
[2025-05-03] Accepted vips 8.14.1-3+deb12u2 (source) into stable-security (Debian FTP Masters) (signed by: Guilhem Moulin)
[2025-04-30] Accepted vips 8.10.5-2+deb11u1 (source) into oldstable-security (Guilhem Moulin)
[2025-03-21] vips 8.16.1-1 MIGRATED to testing (Debian testing watch)
[2025-03-15] Accepted vips 8.16.1-1 (source) into unstable (Laszlo Boszormenyi (GCS)) (signed by: Laszlo Boszormenyi)
[2024-12-02] vips 8.16.0-2 MIGRATED to testing (Debian testing watch)
[2024-11-30] Accepted vips 8.16.0-2 (source) into unstable (Laszlo Boszormenyi (GCS)) (signed by: Laszlo Boszormenyi)
[2024-10-31] Accepted vips 8.16.0-1 (source) into unstable (Laszlo Boszormenyi (GCS)) (signed by: Laszlo Boszormenyi)
[2024-08-23] vips 8.15.3-1 MIGRATED to testing (Debian testing watch)
[2024-08-17] Accepted vips 8.15.3-1 (source) into unstable (Laszlo Boszormenyi (GCS)) (signed by: Laszlo Boszormenyi)
[2024-08-04] vips 8.15.2-2 MIGRATED to testing (Debian testing watch)
[2024-07-30] Accepted vips 8.15.2-2 (source) into unstable (Laszlo Boszormenyi (GCS)) (signed by: Laszlo Boszormenyi)
[2024-05-03] vips 8.15.2-1 MIGRATED to testing (Debian testing watch)
[2024-03-20] Accepted vips 8.15.2-1 (source) into unstable (Laszlo Boszormenyi (GCS)) (signed by: Laszlo Boszormenyi)
[2024-02-29] Accepted vips 8.15.1-1.1 (source) into unstable (Steve Langasek)
[2024-02-04] Accepted vips 8.15.1-1.1~exp1 (source) into experimental (Steve Langasek)
[2024-01-08] vips 8.15.1-1 MIGRATED to testing (Debian testing watch)
[2024-01-03] Accepted vips 8.15.1-1 (source) into unstable (Laszlo Boszormenyi (GCS)) (signed by: Laszlo Boszormenyi)
[2023-12-02] Accepted vips 8.14.1-3+deb12u1 (source) into proposed-updates (Debian FTP Masters) (signed by: Laszlo Boszormenyi)
[2023-11-24] vips 8.15.0-2 MIGRATED to testing (Debian testing watch)
[2023-11-18] Accepted vips 8.15.0-2 (source) into unstable (Laszlo Boszormenyi (GCS)) (signed by: Laszlo Boszormenyi)
[2023-11-12] Accepted vips 8.15.0-1 (source) into unstable (Laszlo Boszormenyi (GCS)) (signed by: Laszlo Boszormenyi)
[2023-11-09] Accepted vips 8.15.0~rc2-2 (source) into unstable (Laszlo Boszormenyi (GCS)) (signed by: Laszlo Boszormenyi)
[2023-11-07] Accepted vips 8.15.0~rc2-1 (source) into unstable (Laszlo Boszormenyi (GCS)) (signed by: Laszlo Boszormenyi)
[2023-10-04] vips 8.14.5-1 MIGRATED to testing (Debian testing watch)
[2023-09-28] Accepted vips 8.14.5-1 (source) into unstable (Laszlo Boszormenyi (GCS)) (signed by: Laszlo Boszormenyi)
[2023-08-25] vips 8.14.4-1 MIGRATED to testing (Debian testing watch)

bugs [bug history graph]

all: 5
RC: 0
I&N: 4
M&W: 1
F&P: 0
patch: 0

links

homepage
lintian
buildd: logs, reproducibility, cross
popcon
browse source code
edit tags
other distros
security tracker
l10n (-, 35)
debian patches

ubuntu

[Information about Ubuntu for Debian Developers]

version: 8.16.1-2