-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sat, 06 Dec 2025 11:15:39 +0100 Source: libpng1.6 Binary: libpng-dev libpng-tools libpng-tools-dbgsym libpng16-16 libpng16-16-dbgsym libpng16-16-udeb Architecture: amd64 Version: 1.6.39-2+deb12u1 Distribution: bookworm-security Urgency: high Maintainer: amd64 / i386 Build Daemon (x86-ubc-02) Changed-By: Tobias Frost Description: libpng-dev - PNG library - development (version 1.6) libpng-tools - PNG library - tools (version 1.6) libpng16-16 - PNG library - runtime (version 1.6) libpng16-16-udeb - PNG library - minimal runtime library (version 1.6) (udeb) Closes: 1121216 1121217 1121218 1121219 1121877 Changes: libpng1.6 (1.6.39-2+deb12u1) bookworm-security; urgency=high . * Security upload targeting boowkorm. * Backport fixes for: - CVE-2025-64505 - Heap buffer over-read (Closes: #1121219) - CVE-2025-64506 - Heap buffer over-read (Closes: #1121218) - CVE-2025-64720 - Heap buffer overflow (Closes: #1121217) - CVE-2025-65018 - Heap buffer overflow (Closes: #1121216) - CVE-2025-66293 - Out-of-bounds read (Closes: #1121877) * Set gbp.conf for bookworm and enable salsa CI Checksums-Sha1: 50dc077194759f01f08128cb3a2fd6c45cf1df47 359708 libpng-dev_1.6.39-2+deb12u1_amd64.deb 09d513bff7b7e4f85fa4cc27a923b18e5f0152ee 50228 libpng-tools-dbgsym_1.6.39-2+deb12u1_amd64.deb d02c3e31069ee3aa52b191139a149ec70baf14bd 127240 libpng-tools_1.6.39-2+deb12u1_amd64.deb a5a59178566ab446aaf1a31f56c152b8d5ca7d5e 7532 libpng1.6_1.6.39-2+deb12u1_amd64-buildd.buildinfo cac74c869a51f91ae9773092be0c00b1b5beb467 246100 libpng16-16-dbgsym_1.6.39-2+deb12u1_amd64.deb 7f6a617e0384c2ff2fd52bf05fd40fc51c6dfe1d 93328 libpng16-16-udeb_1.6.39-2+deb12u1_amd64.udeb c95efbec07f7c9d235cb0f2e2e6c5208f3600c75 276032 libpng16-16_1.6.39-2+deb12u1_amd64.deb Checksums-Sha256: b59d3685f6284844540db932c34cd8fd3b27e93e2a58eca9b9a26075210131ea 359708 libpng-dev_1.6.39-2+deb12u1_amd64.deb a6b5db156745e563db20d8688bf5a05799da22ac79fee70d22445b7d3b94abfd 50228 libpng-tools-dbgsym_1.6.39-2+deb12u1_amd64.deb 94dfea52051da795b1633ed3c32eceb2ed51d97115738270fa85fc8c503a255e 127240 libpng-tools_1.6.39-2+deb12u1_amd64.deb f4a58c9ca2e24725ebd759ca53fc1490d7f09e4cddf762a1a49329ba5a79f194 7532 libpng1.6_1.6.39-2+deb12u1_amd64-buildd.buildinfo de94e5ad8bfd59eacf32c9e0ca813f1574527c881967240abc620209291d7e98 246100 libpng16-16-dbgsym_1.6.39-2+deb12u1_amd64.deb 1e9f114c892778c4e61616b8c00c9c57275dc6cef88753bc7c6825090dfd0a2d 93328 libpng16-16-udeb_1.6.39-2+deb12u1_amd64.udeb 3248ce896bfffb6bd9b71512d321d0997b95bd5f3bd5736715f97c7345cb59a7 276032 libpng16-16_1.6.39-2+deb12u1_amd64.deb Files: 535b3d64ff34d2e33dfd9e1011f7b085 359708 libdevel optional libpng-dev_1.6.39-2+deb12u1_amd64.deb 2076d3bde4eac241e4ad4ce0cdeaa898 50228 debug optional libpng-tools-dbgsym_1.6.39-2+deb12u1_amd64.deb 95104f7dee844126f04effaa521a8167 127240 libdevel optional libpng-tools_1.6.39-2+deb12u1_amd64.deb 2d04097d55fc77ff552b2279fc5997c0 7532 libs optional libpng1.6_1.6.39-2+deb12u1_amd64-buildd.buildinfo caacad4a906247c21b6312bae65493d8 246100 debug optional libpng16-16-dbgsym_1.6.39-2+deb12u1_amd64.deb bab8e3594ca2d003bdd355ec56d6e6ff 93328 debian-installer optional libpng16-16-udeb_1.6.39-2+deb12u1_amd64.udeb 3b6afe93541fb27c3651f30fbe3293f4 276032 libs optional libpng16-16_1.6.39-2+deb12u1_amd64.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEc5vuvf2HND40bnI+8IREj/cRiTMFAmk0R2EACgkQ8IREj/cR iTNb9BAAtr4wTBJjQAGJqjhXVRMdDB03FW10qZrEJItuRYcxG7JD+aPgocnAADbU B0yXQjlUVIdUnuNalh6foN1cTko0N4x8vSr5s/FNKiFRU53/Hfic8DMGIH8tMkMq ZyEYUeVp6fbPzh3omFvoULX+NVQuMlAnxf8JKIOhov9lpUfFaxnwnxjgJlxxjOBU 13ga+us2elpiNCg2d5IpwZzj6M2gcJumVlZd2VjUBf9kGZvmFXc8n1QpryxWQtTB IXV0RvI25+tNAg/PcH1wUwo/SHIcjol7oSUKO1Fg5pvqoJ8a2d1Le9znf+kWccAP 3ZBZqKwDuV7cenXlzj679NwfUASEe2X8tSHXz9t4J5LDJKIEzKozcWx6ulTgrusE oBhWhrZujtHhEzoXZhMxMmelxMG0vIPrD1nfVG/3T9zpYzb5SJgR7u0h/d4g1XlD fayonMgYImsd/xiyj7IjRLRuTwUpplJGSkSu18EI8Y9zIFce46XCLHZMgw2a/4kU u3mk2VHVuqSFvobXHQEq+lGqm/0fJHLfwxSBhAcXy9mVD8Gwwgl/ak2W/enx/MzG ZxyeQUewnoByzTG7FHULCEivvHFd4mSrpARECvJuFpggwriETuLRpRc+QwimbqP1 dP/kgUTi19KLcyQYeSbnskO5wsRsIopRtVNXGn2ZZ3LGKEza6Dw= =FuR/ -----END PGP SIGNATURE-----