-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sat, 06 Dec 2025 11:15:39 +0100 Source: libpng1.6 Binary: libpng-dev libpng-tools libpng-tools-dbgsym libpng16-16 libpng16-16-dbgsym libpng16-16-udeb Architecture: i386 Version: 1.6.39-2+deb12u1 Distribution: bookworm-security Urgency: high Maintainer: i386 Build Daemon (x86-grnet-01) Changed-By: Tobias Frost Description: libpng-dev - PNG library - development (version 1.6) libpng-tools - PNG library - tools (version 1.6) libpng16-16 - PNG library - runtime (version 1.6) libpng16-16-udeb - PNG library - minimal runtime library (version 1.6) (udeb) Closes: 1121216 1121217 1121218 1121219 1121877 Changes: libpng1.6 (1.6.39-2+deb12u1) bookworm-security; urgency=high . * Security upload targeting boowkorm. * Backport fixes for: - CVE-2025-64505 - Heap buffer over-read (Closes: #1121219) - CVE-2025-64506 - Heap buffer over-read (Closes: #1121218) - CVE-2025-64720 - Heap buffer overflow (Closes: #1121217) - CVE-2025-65018 - Heap buffer overflow (Closes: #1121216) - CVE-2025-66293 - Out-of-bounds read (Closes: #1121877) * Set gbp.conf for bookworm and enable salsa CI Checksums-Sha1: a72f985a79004b2f8df8f341025badab72bbb42c 368072 libpng-dev_1.6.39-2+deb12u1_i386.deb 0f5533e447c608c9d2baf4aab98ff08237b208b3 49284 libpng-tools-dbgsym_1.6.39-2+deb12u1_i386.deb c77040e158c049e37efcfb8b0acc6b7bae3c3d7b 127324 libpng-tools_1.6.39-2+deb12u1_i386.deb a8670f380af6fc095f1330826297fb991c3431da 7463 libpng1.6_1.6.39-2+deb12u1_i386-buildd.buildinfo 6e5680461e57a5e851e5facb0644d9329d0f123a 214492 libpng16-16-dbgsym_1.6.39-2+deb12u1_i386.deb 84ed93e88d5a45b0843f4a7e306d436477f8ee1d 101088 libpng16-16-udeb_1.6.39-2+deb12u1_i386.udeb 9e63a9ff92453802a03730fe5f17bca594b475b3 283920 libpng16-16_1.6.39-2+deb12u1_i386.deb Checksums-Sha256: 478cfb554684dd0199b68b94ce06684562a9f36dd6247c978cc311ba3a5f6fdc 368072 libpng-dev_1.6.39-2+deb12u1_i386.deb dde551c93ceb334e2b01e8337c2d72ffa786ff9d015acc448fff91fdcb6def8c 49284 libpng-tools-dbgsym_1.6.39-2+deb12u1_i386.deb f4711f46e02c7a9238b95bb5f31576a83e798c45d2e9dfc836b4286527c35e0b 127324 libpng-tools_1.6.39-2+deb12u1_i386.deb 0d3784b1d7d9a08eb0f1a9a52fe6db1cab0bba6640ba0384ad6890b050fe3a55 7463 libpng1.6_1.6.39-2+deb12u1_i386-buildd.buildinfo 3ca2f91b06600c845f5a4664d6617cbd66f9ea9fbfeac8f7a219cb3ee9ba9695 214492 libpng16-16-dbgsym_1.6.39-2+deb12u1_i386.deb 79e3ee4c675b4f795b7f39c5b2b93ea0532fcc7cd64b80c0a2da0fe82bb0051d 101088 libpng16-16-udeb_1.6.39-2+deb12u1_i386.udeb 45fd7edeca5a2f690154c424f6466053be68ac3debca1dbca4ac0ba200e1133a 283920 libpng16-16_1.6.39-2+deb12u1_i386.deb Files: 8544253c7a864b3e9224e6b43fba5466 368072 libdevel optional libpng-dev_1.6.39-2+deb12u1_i386.deb 693925551b55a206316a9a0dff0efb47 49284 debug optional libpng-tools-dbgsym_1.6.39-2+deb12u1_i386.deb ac14c9630662bfdeed536f6013e696cb 127324 libdevel optional libpng-tools_1.6.39-2+deb12u1_i386.deb 8b0d55ea0db9f469377b64316805a3ec 7463 libs optional libpng1.6_1.6.39-2+deb12u1_i386-buildd.buildinfo b552033cde52e59c2abda5480bec2c52 214492 debug optional libpng16-16-dbgsym_1.6.39-2+deb12u1_i386.deb 8a616fdacaf617eac86e22e8ddf26364 101088 debian-installer optional libpng16-16-udeb_1.6.39-2+deb12u1_i386.udeb 24c33b23efb07591b9eb06f60a22600d 283920 libs optional libpng16-16_1.6.39-2+deb12u1_i386.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEv2qEY4xQXyY/2dWIvGw9w6VrLCcFAmk0Rw4ACgkQvGw9w6Vr LCf5dQ/8C8hwooQACQIugG6lxa9mqy9+5kFKBHae9S7Xk89HKi/l1DYI2T2XdoEg eQREz45OkxSvsQthvvWlItQspkH0JvI9Sio94PpgDjeZa+6RhlMI86CnPTBjw/2P jg8SHtcqzVfdEAsy40IAhTe5PtlYgHZtzDt4YMBLpdS+I9Nlz0sYwUBau9m7bEK9 0dopyn31rM6KYbrS5z0gu2tvXXTv7t0k/NqQSFFPNAucZV8Bhh3rDbKWKD2Ihs9D Arn9yiHFI7OVgmlzs+MYjiex+jok5CU5YVKdunIMLRr1oHfgBFU1YjZ9njNXlcv8 vJw/IHPQWvjgrFNIdq2ldSd01EtK6nTvJbHnloRkraE6K4oH2ogFqs3PJLElTj6r 7FITUzVgqQf6xKF3B0Q8Gjq7gwDVVJHoZK/0xJgIazgloKlUNDV+wTzeFBweZCH1 BUaQIvuEDMkGJ9BMpkBKuS3JJpDAz+X6gC0CJoi68Qu0HcuBectaCerf3SZ0TTyK SmwXMp0acBT3GeQcV4lTZLWuvtq6TxU/2Ujh2+BNAXKkbqLaQieVos/TodYCcq/Y HC6jdl2yDGyYD4W+0nnWJkGuEJHmxDEGo1SOGbVZBcz3tJp5u5dv5uiB7ohDqBUz 3UCh/GCRXixGWTbPYG+gNIrgHZlOVYZ9z0yTFtSRGqJZqJqNDhM= =/VYC -----END PGP SIGNATURE-----