Debian Package Tracker

From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
To: <>
Subject: Accepted libpng1.6 1.6.39-2+deb12u1 (source) into oldstable-security
Date: Wed, 10 Dec 2025 08:50:06 +0000
Signed by: Tobias Frost <tobi@debian.org>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 06 Dec 2025 11:15:39 +0100
Source: libpng1.6
Architecture: source
Version: 1.6.39-2+deb12u1
Distribution: bookworm-security
Urgency: high
Maintainer: Maintainers of libpng1.6 packages <libpng1.6@packages.debian.org>
Changed-By: Tobias Frost <tobi@debian.org>
Closes: 1121216 1121217 1121218 1121219 1121877
Changes:
 libpng1.6 (1.6.39-2+deb12u1) bookworm-security; urgency=high
 .
   * Security upload targeting boowkorm.
   * Backport fixes for:
     - CVE-2025-64505 - Heap buffer over-read (Closes: #1121219)
     - CVE-2025-64506 - Heap buffer over-read (Closes: #1121218)
     - CVE-2025-64720 - Heap buffer overflow (Closes: #1121217)
     - CVE-2025-65018 - Heap buffer overflow (Closes: #1121216)
     - CVE-2025-66293 - Out-of-bounds read (Closes: #1121877)
   * Set gbp.conf for bookworm and enable salsa CI
Checksums-Sha1:
 ba5ec9d57c9e70978a26be163e8ac7263d6eb02b 2273 libpng1.6_1.6.39-2+deb12u1.dsc
 d384c4526a84d213f697108258c490adc99b4cdb 1519415 libpng1.6_1.6.39.orig.tar.gz
 c1857ce68b4ad5bbfafb151fd63c8bb0d3597dec 37092 libpng1.6_1.6.39-2+deb12u1.debian.tar.xz
 210b50a2f3563a7e0f7adb0087b69793a5154133 6050 libpng1.6_1.6.39-2+deb12u1_source.buildinfo
Checksums-Sha256:
 6b663fc339dbe78547d442c70e82096efee15840ba63681b0073d57a658b7a10 2273 libpng1.6_1.6.39-2+deb12u1.dsc
 a00e9d2f2f664186e4202db9299397f851aea71b36a35e74910b8820e380d441 1519415 libpng1.6_1.6.39.orig.tar.gz
 a73d8896e915e623873902ec2f1f51d0aa4c93d8f51c11f56a627cd79336c9ba 37092 libpng1.6_1.6.39-2+deb12u1.debian.tar.xz
 e966ceb0cf95d7bdb519ddaa40ab0728241a6f52202eee8f9cbde53a715ccc15 6050 libpng1.6_1.6.39-2+deb12u1_source.buildinfo
Files:
 43de83d38d2b53ae1864d73ecc16a631 2273 libs optional libpng1.6_1.6.39-2+deb12u1.dsc
 a704977d681a40d8223d8b957fd41b29 1519415 libs optional libpng1.6_1.6.39.orig.tar.gz
 d2043ff6b2f269a6a2ca99b834db2907 37092 libs optional libpng1.6_1.6.39-2+deb12u1.debian.tar.xz
 d5581136f8901794559b312f97b54223 6050 libs optional libpng1.6_1.6.39-2+deb12u1_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEE/d0M/zhkJ3YwohhskWT6HRe9XTYFAmk0QTYACgkQkWT6HRe9
XTYs2Q/8DHugzTf9Lbg3FTMI0VI2V3dyAETgtlkRitMUxwn8icLy+9zcPJfxpxY8
O4reS/g/6m+GOWRIFxHT6me2o8MN5sS8mH7Wz0Cnhy1Lfi7snhcsgJp/Ks45uWui
mZ4BdmwngxMie9m8q55JZbCi743EQuqJ8SAnbIlMwFQpcD5dqIkGXhIjmOZCvwwI
W+d7GsLole5apcv1zNN69rO9TivpQG15dXGnfcxCY6CJuCAP1tTwWLUMxm61dHkp
TFOObAkmqt+2uUqyx8yUmSWvP4ar9YGor/OutrbyR5Ey8oNRfd2jpLGcsZ3zcp6Q
naTM274VonX02EUlNnTC48rJPb8QLH59KtcaIxvB3R6HBjEMYkFoiXQUCI9C+yim
A/23riAJFz4u/Z9HRtjCWYxcCudVoGQyT7XuPl7LOiLQk+QbwcuVe27s44x009zH
ZIVWs/Cxx4POF7vW7/IkMf0GbFpScTWudm6M1qn9IvEwjSt7ITpDji4hIfANZ6SN
V9QuQRbo5mIEhhN7chu88jlKRaARXPCMkaahP9nXB3KDbsyvqAxo1FBkxDNX4bGJ
DUPh7AuGjG8PP9MrGlKxdLxsATTsfzUU6djeMGteWqfcxcLdIuvmhNkZQCCZqyq8
XlXUZ8PwoqpkU/NV7c4WyOcA9BUjH8kQne6jcFb6KddRPO1zdxw=
=4yBQ
-----END PGP SIGNATURE-----
News for package libpng1.6
