Your message dated Thu, 04 Dec 2025 05:49:20 +0000
with message-id <[email protected]>
and subject line Bug#1121877: fixed in libpng1.6 1.6.52-1
has caused the Debian Bug report #1121877,
regarding libpng16-16t64: CVE-2025-66293
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1121877: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1121877
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: libpng16-16t64
Version: 1.6.51-1
Severity: important
Tags: security
X-Debbugs-Cc: Debian Security Team <[email protected]>
Hey.
Since it’s not yet listed in the security tracker, apparently
yet another hole was found:
https://github.com/pnggroup/libpng/security/advisories/GHSA-9mpm-9pxh-mg4f
Fixed in upstream 1.6.52.
Cheers,
Chris.
--- End Message ---
--- Begin Message ---
Source: libpng1.6
Source-Version: 1.6.52-1
Done: Tobias Frost <[email protected]>
We believe that the bug you reported is fixed in the latest version of
libpng1.6, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Tobias Frost <[email protected]> (supplier of updated libpng1.6 package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Thu, 04 Dec 2025 06:24:43 +0100
Source: libpng1.6
Architecture: source
Version: 1.6.52-1
Distribution: unstable
Urgency: medium
Maintainer: Maintainers of libpng1.6 packages <[email protected]>
Changed-By: Tobias Frost <[email protected]>
Closes: 1121877
Changes:
libpng1.6 (1.6.52-1) unstable; urgency=medium
.
* New upstream versoin 1.6.52
- CVE-2025-66293 - Out of bound read (Closes: #1121877)
Checksums-Sha1:
29d7a7b3178ec42f7fd2e245781312ee53a3a4d5 2254 libpng1.6_1.6.52-1.dsc
71605dc80b1bae813ff01e29585d36f1d4bfa435 1584153 libpng1.6_1.6.52.orig.tar.gz
b3c638c97238861114131a4304fa4a37bec9abb8 33484 libpng1.6_1.6.52-1.debian.tar.xz
afd2c269ab5aa6d7ab4f6a8ba0b27d6b3e05419b 8319
libpng1.6_1.6.52-1_amd64.buildinfo
Checksums-Sha256:
249b351c1dd8c068822090ce222fee88fb6f307b591816f3e91b0e442e506d72 2254
libpng1.6_1.6.52-1.dsc
07098f37e7b7570fc06d2ccbaaf5a47e9344fc36e773e312e334a083689a6212 1584153
libpng1.6_1.6.52.orig.tar.gz
ae20da146e9500b93fc225dcae89d116121ac5050bd07a702a26e59ad35a35f4 33484
libpng1.6_1.6.52-1.debian.tar.xz
063084db93dfed92c41180e9e0142a1356c33058ec443bc5024703ee9e9e7465 8319
libpng1.6_1.6.52-1_amd64.buildinfo
Files:
56575179beed9cd08b8e5cfd8b1e0dfd 2254 libs optional libpng1.6_1.6.52-1.dsc
c4bb01217a667fdf906d8ffd7f65bf60 1584153 libs optional
libpng1.6_1.6.52.orig.tar.gz
5347a1e81737cf331c321cf5ca937106 33484 libs optional
libpng1.6_1.6.52-1.debian.tar.xz
411757e2c483245e7adee36cbfc23101 8319 libs optional
libpng1.6_1.6.52-1_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEE/d0M/zhkJ3YwohhskWT6HRe9XTYFAmkxHGwACgkQkWT6HRe9
XTZmOA//YgqPasSjM57e87idQyu707A63Kc+hidka5dB9DgEUzPBn8H+P3JOYiw8
jU5ybNFsB9a603KIz8g4z+Fkzc4P5J4w0EkUlNyctCLVVpsZZbiP7xZtGiH6v7CS
BHlxCmIAy563GSpqOcVgpUBvuarpnDze+8Oju8Wee4c53ONa+zXr1veYSoZdSefz
GO3BEFVHhOvj0EOU1D+88Q81lkym5e4igdaJvHC5xV1qTcJ/ARgCXQpGebEfVhxC
ltuZYqIxnpxZ7mlO2d/JDajTZiOnqu7UeIbd2Tf4E8czpKtpa21/PchidyzBGQYv
H2zITbjvOHN68oc9jZn7g9stEqKk8fq6tZxNjQ8gx24z6ItiYgmVFtCjJeqizggf
CnoB2CfhG/Emf9JpF5wnK9ZYZIajE1oIDbg0QucVNQ+kHujsyMJAtKcWFnVCUM1Q
FdFUrigsLk3hehA+F+n72zt8FOUCmWrvws26rgWU1dhf68gPw8AvW006QunLFr3M
UjVCeF1K3g6zzVVOf6jptrGScVPWOaoZIJafko+5Mi/Y1PevMZg416LCI3wFo4mS
XkFFZ+Gd7zh6kL9zxDDXv86CXG8l/Z6LeAVhsh6q7TWfVhvNkX2WYLDsDr2jpT96
+sOy+4pE1Giop183wXaS3W8aXbpS++wmAZUa3gKEHQYxSFBLN88=
=I4SZ
-----END PGP SIGNATURE-----
pgpOT4WszhMHk.pgp
Description: PGP signature
--- End Message ---
