Debian Package Tracker

From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
To: <>
Subject: Accepted libpng1.6 1.6.48-1+deb13u1 (source) into stable-security
Date: Wed, 10 Dec 2025 08:50:13 +0000
Signed by: Tobias Frost <tobi@debian.org>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 06 Dec 2025 11:10:16 +0100
Source: libpng1.6
Architecture: source
Version: 1.6.48-1+deb13u1
Distribution: trixie-security
Urgency: high
Maintainer: Maintainers of libpng1.6 packages <libpng1.6@packages.debian.org>
Changed-By: Tobias Frost <tobi@debian.org>
Closes: 1121216 1121217 1121218 1121219 1121877
Changes:
 libpng1.6 (1.6.48-1+deb13u1) trixie-security; urgency=high
 .
   * Security upload targeting trixie.
   * Backport fixes for:
     - CVE-2025-64505 - Heap buffer over-read (Closes: #1121219)
     - CVE-2025-64506 - Heap buffer over-read (Closes: #1121218)
     - CVE-2025-64720 - Heap buffer overflow (Closes: #1121217)
     - CVE-2025-65018 - Heap buffer overflow (Closes: #1121216)
     - CVE-2025-66293 - Out-of-bounds read (Closes: #1121877)
   * Set gbp.conf for trixie and enable salsa CI
Checksums-Sha1:
 ca2e392335594a5f9ef7134f9b14d5085944d0de 2286 libpng1.6_1.6.48-1+deb13u1.dsc
 4a0d9412d92e7052f187ba3287875b0220466306 1572923 libpng1.6_1.6.48.orig.tar.gz
 c158ecd3f0e96b8ca96583a99243e9d9f25de6dc 39324 libpng1.6_1.6.48-1+deb13u1.debian.tar.xz
 bc7018bd97e8c6e03227f84d6e97e343f25ca885 7115 libpng1.6_1.6.48-1+deb13u1_source.buildinfo
Checksums-Sha256:
 0f0a79157e67ab9b2df6ca77192b5255277ae5d07a929d9a0ee8cba1ceedb21f 2286 libpng1.6_1.6.48-1+deb13u1.dsc
 b17e99026055727e8cba99160c3a9a7f9af788e9f786daeadded5a42243f1dd0 1572923 libpng1.6_1.6.48.orig.tar.gz
 416084e356fed53da55e399ec8ea720050db9013a7c28f68454f27a53cf42563 39324 libpng1.6_1.6.48-1+deb13u1.debian.tar.xz
 2c582e601bd88327d2ad752d13ac1146f5ea740524af96c2692748923a1afa9c 7115 libpng1.6_1.6.48-1+deb13u1_source.buildinfo
Files:
 dcf893119cec79d50047f14ebbc28e1d 2286 libs optional libpng1.6_1.6.48-1+deb13u1.dsc
 be6cc9e411c26115db3b9eab1159a1d9 1572923 libs optional libpng1.6_1.6.48.orig.tar.gz
 6f42ca35f3994adb887939a00181f8b3 39324 libs optional libpng1.6_1.6.48-1+deb13u1.debian.tar.xz
 3e92a99d140ac71577a5b1c535e15483 7115 libs optional libpng1.6_1.6.48-1+deb13u1_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEE/d0M/zhkJ3YwohhskWT6HRe9XTYFAmk0QLgACgkQkWT6HRe9
XTb/rQ/+O5p/wBMCLmO+HTOQFnkARZZPzrEoE04Sz0JMVPYZeewMzECFysZtIqdD
7KZEdiTVVbPEYlnpHpRYCdNg1gck7uShbDfbj2WL6Ki82H3N4pC/nL48GxjOvwz6
YWKOqpotyzO7asvyxh0ewt4M42pI2HRbREPqPapzSWc924BOBcLYjq4SS6VmYNrI
DJUY1YLnnekxrwhuFqTPcsslkaUMnfhMXzJfHxguFVo3YkSike5/FZCG4wJVMl4e
a5KRLBfTeiTqedxP50HQGgihYJdXSlnLxa6xghR6uzzByUPKG5WPCaK1rWGAa9Fn
0e8B0oY6WpUdmMalOrWmTNPFvt6ABajUKxIHwL5MfOpHhUKPLHGOZ+tLGZQdFkn9
19KZoVKRXZctqBtuPOpeXjlB0L/RVdqN+Iupf/Wf9Lpubdq3mrokssz6Gx/FbAnW
Hltco0nObLR/bEbJcvkznquK5HLuOKSXYIq9Dnk7y2hSEIOIg3W6fxB4DiqduU6t
rO6p2JSNVP7Q/eLXzR6axam3YAoMZwvtzFqcwiod5NBrBocd7om4pK2am32XJNH5
t14KvJsQHLmx2t6ey+YH1Q04VX3OiOJUDToOu6BuTLFBmvSXscxmUtnvtVYPtbf5
8zCC1h89Dt1w0oyI/p+yAL2R+bMzI2hp/f6l8oer+z8FHNQmKys=
=khXn
-----END PGP SIGNATURE-----
News for package libpng1.6
