-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Fri, 08 May 2026 14:30:14 +0200 Source: libpng1.6 Binary: libpng-dev libpng-tools libpng-tools-dbgsym libpng16-16 libpng16-16-dbgsym libpng16-16-udeb Architecture: amd64 Version: 1.6.39-2+deb12u5 Distribution: bookworm-security Urgency: high Maintainer: amd64 / i386 Build Daemon (x86-ubc-02) Changed-By: Tobias Frost Description: libpng-dev - PNG library - development (version 1.6) libpng-tools - PNG library - tools (version 1.6) libpng16-16 - PNG library - runtime (version 1.6) libpng16-16-udeb - PNG library - minimal runtime library (version 1.6) (udeb) Closes: 1133051 Changes: libpng1.6 (1.6.39-2+deb12u5) bookworm-security; urgency=high . * Security upload targeting bookworm. * CVE-2026-34757 - Use after free. (Closes: #1133051) * Cherry-pick upstream regression fix for previously fixed CVE 2026-33416. Checksums-Sha1: 1279cb0604356e3707685ec6e324e342fb47ae2c 360472 libpng-dev_1.6.39-2+deb12u5_amd64.deb 0ee32da001a796ff6f977214771b505c411835c7 50228 libpng-tools-dbgsym_1.6.39-2+deb12u5_amd64.deb 55776f41173ce1e7d32ff2578538f8f48944e35a 127400 libpng-tools_1.6.39-2+deb12u5_amd64.deb 5a773e096f662cf59bc76d4a1a6b7de3a8b03eb5 7536 libpng1.6_1.6.39-2+deb12u5_amd64-buildd.buildinfo aa791fbb3c68d05029d0825fbdb4ba596b458883 247588 libpng16-16-dbgsym_1.6.39-2+deb12u5_amd64.deb 87aab92a627d6eb1672abb8ee4859529d64683e0 93660 libpng16-16-udeb_1.6.39-2+deb12u5_amd64.udeb e3d7c8c1c9a232f8d6b0e776dc319b98062e0d70 276660 libpng16-16_1.6.39-2+deb12u5_amd64.deb Checksums-Sha256: 25649c413d02092ae7b1093a3c3ee54cbd2d4fdb0a0494787e434ccf0905903f 360472 libpng-dev_1.6.39-2+deb12u5_amd64.deb a488a53b493dc09aea06be7dca7c6d3150b1614de9788eec0f6cb4f17703d52d 50228 libpng-tools-dbgsym_1.6.39-2+deb12u5_amd64.deb 539035c57650ff41d973ba2ab7f6a4edf1c6bd19b0fb39f6f6ce965409ef161b 127400 libpng-tools_1.6.39-2+deb12u5_amd64.deb 4da332d6fa79bd0ba4268b930ee59b4e2794b8ae6ba128e5e32c04c8459702db 7536 libpng1.6_1.6.39-2+deb12u5_amd64-buildd.buildinfo 02da34791406c7e132908de12dcf7a25b79d3fe3f67024fa8619bfd7ce7d67a3 247588 libpng16-16-dbgsym_1.6.39-2+deb12u5_amd64.deb bdd96fa4c7fd3d2f6c457b391d87af66e14d8427a8c5e521c1d4f9ece5ed6ac9 93660 libpng16-16-udeb_1.6.39-2+deb12u5_amd64.udeb a56d64bfaa9da12aafb83347909e62e6fd5fd251e6b34c194065911a30359978 276660 libpng16-16_1.6.39-2+deb12u5_amd64.deb Files: 73cf6fb43af4075c296e0254b54f8fd8 360472 libdevel optional libpng-dev_1.6.39-2+deb12u5_amd64.deb e1140ddac0c38b42e97dab0ffa57e2ba 50228 debug optional libpng-tools-dbgsym_1.6.39-2+deb12u5_amd64.deb 16fdb068251a2de98c1bbfd2275c45e7 127400 libdevel optional libpng-tools_1.6.39-2+deb12u5_amd64.deb 888a7a7db191ccfb2d4dd06d47d19c63 7536 libs optional libpng1.6_1.6.39-2+deb12u5_amd64-buildd.buildinfo 717a6ed77e95721c9a62e07d17e38b0b 247588 debug optional libpng16-16-dbgsym_1.6.39-2+deb12u5_amd64.deb 6fff557b5c2fc089c926504850342fc3 93660 debian-installer optional libpng16-16-udeb_1.6.39-2+deb12u5_amd64.udeb 68473ba62d4ba1ad8d4d5f22970ceee8 276660 libs optional libpng16-16_1.6.39-2+deb12u5_amd64.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEb5EwsJvHBEjqIJYIbheoBegwXLIFAmn+D84ACgkQbheoBegw XLJrdxAAj/SxC1RMRC08zeAl5TWRF+d/cw1vLareNQl8Z351dpotFXzA1dEX9ZW1 qLoSF+rfBMPMwpMmWeksw+uPKb6mPjzL/crz4xWKP4z5iBPtVChHpywVTd1XKjSd J8MArcJuSZqshRyXDY8CEL3nqicTisTzs+ZlAlzG7SrrRxBlY/dMgtjHKUz2qVzn SUdaIoA0s4Oxv39TtMp8Jl2Vt4ZLMR7CJYcedQB28lRSoHlhbdIOtozeYJux2gWW aAOpAd9INYnXgcO1hJTnSur4vuLmoe4Yhpe6Ai92I3agT3A0CZ28TtroT9xxoTLS JznBOAkcdznj2MChJyBrLKVz9tOP7VW+LQmKoZ69ud5bcW+/ib7cpDkCjZickbm4 Hp4ud55QEX/mttvTkzvJ9xGokoSjS8rLv3FBvmZzJCfYwgsQw2ds9wFVRFnD8ZSB yHDmQcDZgyWq5jYxZWMm46b5cuRHA4+Pf5PlvIaoO7UOm2SwGFtrN8Pwo5vYgJ6K CIBbLa+Rm4cfBX++xBn1fXLJltIkBA9SM+1l30V4TRxRq4roKvD9WSr2SWakpjUc +AHdTNOZQ4QxhaoQ0h0mK/cfT7Tj6nDce8asZSXlWn122uxXb7epy7nb1CJqXXGd p9grmZAfMHGted7+ausbf1dLa1ZdpbD1NBCkYsP+uis84m+JiVU= =WxtC -----END PGP SIGNATURE-----