Control: tag -1 d-i Hi,
On Sat, Jan 24, 2026 at 10:29:25AM +0100, Tobias Frost wrote: > Package: release.debian.org > Severity: normal > Tags: trixie > X-Debbugs-Cc: [email protected], [email protected] > Control: affects -1 + src:libpng1.6 > User: [email protected] > Usertags: pu > > Upstream has released a new upstream version fixing two CVEs: > - CVE-2026-22801 - Heap buffer over-read (Closes: #1125444 > - CVE-2026-22695 - Heap buffer over-read (Closes: #1125443) > > CVE-2026-22695 has been introduced by CVE-2025-65018, fixed in trixie > via 1.6.48-1+deb13u1. > > I've coordinated with the security team and we've settled on updating > the issues via s-p-u. d-i ack required for the udeb. Thanks, -- Jonathan Wiltshire [email protected] Debian Developer http://people.debian.org/~jmw 4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC 74C3 5394 479D D352 4C51 ed25519/0x196418AAEB74C8A1: CA619D65A72A7BADFC96D280196418AAEB74C8A1
