Debian Package Tracker

From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
To: <dispatch@tracker.debian.org> , <debian-lts-changes@lists.debian.org>
Subject: Accepted libpng1.6 1.6.37-3+deb11u1 (source) into oldoldstable-security
Date: Sun, 07 Dec 2025 08:10:20 +0000
Signed by: Tobias Frost <tobi@debian.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 06 Dec 2025 15:01:38 +0100
Source: libpng1.6
Architecture: source
Version: 1.6.37-3+deb11u1
Distribution: bullseye-security
Urgency: high
Maintainer: Maintainers of libpng1.6 packages <libpng1.6@packages.debian.org>
Changed-By: Tobias Frost <tobi@debian.org>
Closes: 1121216 1121217 1121218 1121219 1121877
Changes:
 libpng1.6 (1.6.37-3+deb11u1) bullseye-security; urgency=high
 .
   * Maintainer upload by the LTS Security Team.
   * Backport fixes for:
     - CVE-2025-64505 - Heap buffer over-read (Closes: #1121219)
     - CVE-2025-64506 - Heap buffer over-read (Closes: #1121218)
     - CVE-2025-64720 - Heap buffer overflow (Closes: #1121217)
     - CVE-2025-65018 - Heap buffer overflow (Closes: #1121216)
     - CVE-2025-66293 - Out-of-bounds read (Closes: #1121877)
   * Set gbp.conf for bullseye and enable salsa CI
Checksums-Sha1:
 0c0380da8db9e2a12d86c95cfaf3b7b8fb2cf016 2257 libpng1.6_1.6.37-3+deb11u1.dsc
 1aac0e12aa5b583f736fb6692f47dff7a3efa78b 1508805 libpng1.6_1.6.37.orig.tar.gz
 3fed2b32724f5250e3f922b210c3c15bec11fc49 38236 libpng1.6_1.6.37-3+deb11u1.debian.tar.xz
 507d4ccf5444a0bacc74fb9ba92a17d80f113e14 6050 libpng1.6_1.6.37-3+deb11u1_source.buildinfo
Checksums-Sha256:
 8eb61db9c7e01dffcaf2087a4e682ee38fc38fa2b770e600cee34043e51f0a58 2257 libpng1.6_1.6.37-3+deb11u1.dsc
 ca74a0dace179a8422187671aee97dd3892b53e168627145271cad5b5ac81307 1508805 libpng1.6_1.6.37.orig.tar.gz
 ed29c408c5ddeb7574c1ab71f895c107b945d51db982565959816c7c28315058 38236 libpng1.6_1.6.37-3+deb11u1.debian.tar.xz
 f8924c1d0b92b6b393ab184e4f2847425d85207b2638c61c2abef26c3c7181d7 6050 libpng1.6_1.6.37-3+deb11u1_source.buildinfo
Files:
 3f1518ab9e019bf81a07c02a3a28a316 2257 libs optional libpng1.6_1.6.37-3+deb11u1.dsc
 564aa9f6c678dbb016b07ecfae8b7245 1508805 libs optional libpng1.6_1.6.37.orig.tar.gz
 7d3cb27680127cafa56837c99cf19e39 38236 libs optional libpng1.6_1.6.37-3+deb11u1.debian.tar.xz
 236df2563d94dd77912631a4a69892cd 6050 libs optional libpng1.6_1.6.37-3+deb11u1_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEE/d0M/zhkJ3YwohhskWT6HRe9XTYFAmk1MuwACgkQkWT6HRe9
XTZd5hAAmg/SqaYrVk0sLSAu1ENRaEHMA+4cg/krG67TTgnC3pj/Q8Fn/QLfnWgf
pIe6Cu/M3CPRUcIh8v6zLho2CiphkoBfoSb9h3/fL8CNZY1HwXFYkm0Q4UbtzAOF
iTFQrxBmpX9PzAoRvlPPEqnpihMnoqGd/qIY1haia3Hs2JdEbL4mt5+UZTODB42P
pyPkfe8w7jcha66qGvEQ9nJzXq0acNuy7ILWNkcwc5Z7OGpN8V1Akvp5HcLhaK76
9kkocvPwZlz0nvalPBQSj7ux9AI5F6hY0cPXaZMyuzVIT6qrS+gZdUONAdzfTsaW
XREL65F0XhRDKpn4bYJhvNbo80xAiMNZkEd3DEgcC6V+oV2FCrE5LqsXcErZ+nap
d3ZA+nQjqFutY9q9O3E3KUO3pTovrWkGKi+GOeY0S6AbumOhKx70lZZeWLrsb+53
Qhq6u1RwGQf+OCFgLNAdrynKmDHhSR3YyPSj9XJFG8HlIiGkVvfH6+MRqqBGBsqt
iCMuDGlFDzxDCxDh52YfP5aogTIO5XOfGdOIYmqdMmDhHP6f/dju45lWR2BqdlzI
b+pYkmVtBMWhqJqp+8uYbvas9F/CdQ1/7Rgryk8FC5n2b83a7g4Boyk2rQ6z0df5
ssmOSmxCc/Kz/GHIhzTBm2+fczHRz6wr85wIpy/pkS57qXQXnOU=
=RHdf
-----END PGP SIGNATURE-----

News for package libpng1.6