-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Fri, 08 May 2026 14:30:14 +0200 Source: libpng1.6 Binary: libpng-dev libpng-tools libpng-tools-dbgsym libpng16-16 libpng16-16-dbgsym libpng16-16-udeb Architecture: s390x Version: 1.6.39-2+deb12u5 Distribution: bookworm-security Urgency: high Maintainer: s390x Build Daemon (zani) Changed-By: Tobias Frost Description: libpng-dev - PNG library - development (version 1.6) libpng-tools - PNG library - tools (version 1.6) libpng16-16 - PNG library - runtime (version 1.6) libpng16-16-udeb - PNG library - minimal runtime library (version 1.6) (udeb) Closes: 1133051 Changes: libpng1.6 (1.6.39-2+deb12u5) bookworm-security; urgency=high . * Security upload targeting bookworm. * CVE-2026-34757 - Use after free. (Closes: #1133051) * Cherry-pick upstream regression fix for previously fixed CVE 2026-33416. Checksums-Sha1: b7bc020bf61f87db8aedd37462cb1024ec511ebd 352892 libpng-dev_1.6.39-2+deb12u5_s390x.deb 5027943c02b2593a8e17797a7a77bc2f5b4ade7a 48924 libpng-tools-dbgsym_1.6.39-2+deb12u5_s390x.deb 6323557dc89558d2f3f26267b25a2e03468b3616 126588 libpng-tools_1.6.39-2+deb12u5_s390x.deb 690b0988c36bcff9882ee1399bc6b80d2bf1fe11 7423 libpng1.6_1.6.39-2+deb12u5_s390x-buildd.buildinfo acc5c1aad15f93f9f7b663cfddac5575a887fdda 245280 libpng16-16-dbgsym_1.6.39-2+deb12u5_s390x.deb 955f56b76fcdb8bf59b3160dc8cef18385533bb6 87560 libpng16-16-udeb_1.6.39-2+deb12u5_s390x.udeb 18a9f4bf0d4ef3d4378094d0bdb74fd7bf805a12 270440 libpng16-16_1.6.39-2+deb12u5_s390x.deb Checksums-Sha256: aba6f37d000b0c98fa3c4a18dddf03b23a8a700f4132fe2af68780a697d4f58d 352892 libpng-dev_1.6.39-2+deb12u5_s390x.deb 7eb91827d67148839d56b999be6d5b54c1008cb2b6b6ccc9f49bb9819fd38495 48924 libpng-tools-dbgsym_1.6.39-2+deb12u5_s390x.deb 4a89ff089691de88a2322136eda5db684074aef7366a8efca8f30a0ac13b8741 126588 libpng-tools_1.6.39-2+deb12u5_s390x.deb 3b4a7f1b2818cbfdfc7df0adb506bda8cf6883be9d9385bd86f652dd158ae25b 7423 libpng1.6_1.6.39-2+deb12u5_s390x-buildd.buildinfo 2d05cc835ab75fd62ed78c7aa7a6174f6c06fec649376d7ed5b6433c3a34f1d0 245280 libpng16-16-dbgsym_1.6.39-2+deb12u5_s390x.deb 0608274f97beffc76734a132dfc5bc86efffdc02df70dec98c22e88c986f324b 87560 libpng16-16-udeb_1.6.39-2+deb12u5_s390x.udeb 371151e5792970b41e7830ee8c159234fde523171898d2fd1995bb669adde3cd 270440 libpng16-16_1.6.39-2+deb12u5_s390x.deb Files: 26c23687f735d577e3bc250ab12053cc 352892 libdevel optional libpng-dev_1.6.39-2+deb12u5_s390x.deb bfda2ec5755e4149ea56654bd7fb5e59 48924 debug optional libpng-tools-dbgsym_1.6.39-2+deb12u5_s390x.deb 6c1011cca6f4b09c81e5b893339e5475 126588 libdevel optional libpng-tools_1.6.39-2+deb12u5_s390x.deb 251644d625f9f8f857bb48abfa03e99a 7423 libs optional libpng1.6_1.6.39-2+deb12u5_s390x-buildd.buildinfo 26ce3b13d9ff74018f925b3484727176 245280 debug optional libpng16-16-dbgsym_1.6.39-2+deb12u5_s390x.deb 93bec45c2240c396fb925c5531f3012a 87560 debian-installer optional libpng16-16-udeb_1.6.39-2+deb12u5_s390x.udeb caf42819b76137780900686acea86b5d 270440 libs optional libpng16-16_1.6.39-2+deb12u5_s390x.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEgh4msZ+e2PZfd5KckaCrxAR3BY0FAmn+D30ACgkQkaCrxAR3 BY3s7BAAnWPCtjFAlfgBGVWwInmQHB0iCLr/jZychuvotJmV51TjGlrgCgk4AfBr mK0PuU11xayp0mGiFXxUMTjOSeABckw/pgTl0uVh+Vu56kPIW4kishVtk6RSRTvf jifOyOyxqI9RaDrXEIVkPqThzFYP3+uh5y8nzzqpftke6kQdrV0DlZi+6sgzPon3 L9s2TDxG4UhmduT13zPIyL2hwwxDzSm5SGmABlEZ1b5TsBk09OUMD6yf9fU43kuG dUphLYByRBywJ5yZFeWWlOFouJWscBny9S/w3Q2CGs7kGXaZs1xLxpPpm1K1kXwB AiWcPEJh524AFu5tqx6w+cDIKoGLdqcMxr0NHCsFFbbkj0PXF37Y24VmFnwE3Byg kCMVLTMHxMSB40BfKKZ5Z1DXIUv3NMNpfBawoE+suX+U56eNTuxMQor4L+UPiuio EJmVB6CMGLxU+EJkf2FAMBDmRP9DEcPjT4Wscpp7ruFzHYL8kppDNhg2hd9+l6yc U4O1CnrQ0fLtZmiIhFvAgd229jJ3P1BoNZXz3tBGb0TOToj006oWHhLJuMET6gud GsWkKqhl+7xH6fhLNMgO6PisjQi105UheJWldMpJ+08JZzzYpsq13jSwb8AI5Ypn kYFOOE8b4Z+oVdbjxBMFRTR1R3PacqXgl6/jBzK9L0QgFdo6NkI= =pQ0F -----END PGP SIGNATURE-----