Your message dated Thu, 12 Feb 2026 10:04:54 +0000
with message-id <[email protected]>
and subject line Bug#1127566: fixed in libpng1.6 1.6.55-1
has caused the Debian Bug report #1127566,
regarding libpng16-16t64: CVE-2026-25646 (with alleged code exection)
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1127566: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1127566
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: libpng16-16t64
Version: 1.6.54-1
Severity: important
Tags: security
X-Debbugs-Cc: Debian Security Team <[email protected]>
Hey.
As per oss-security, a fix for CVE-2026-25646 is out:
https://github.com/pnggroup/libpng/commit/01d03b8453eb30ade759cd45c707e5a1c7277d88
or.
https://github.com/pnggroup/libpng/releases/tag/v1.6.55
Cheers
Chris.
-- System Information:
Debian Release: forky/sid
APT prefers unstable-debug
APT policy: (500, 'unstable-debug'), (500, 'unstable')
Architecture: amd64 (x86_64)
Kernel: Linux 6.18.9+deb14-amd64 (SMP w/16 CPU threads; PREEMPT)
Kernel taint flags: TAINT_WARN
Locale: LANG=en_DE.UTF-8, LC_CTYPE=en_DE.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages libpng16-16t64 depends on:
ii libc6 2.42-12
ii zlib1g 1:1.3.dfsg+really1.3.1-2
libpng16-16t64 recommends no packages.
libpng16-16t64 suggests no packages.
-- no debconf information
--- End Message ---
--- Begin Message ---
Source: libpng1.6
Source-Version: 1.6.55-1
Done: Gianfranco Costamagna <[email protected]>
We believe that the bug you reported is fixed in the latest version of
libpng1.6, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Gianfranco Costamagna <[email protected]> (supplier of updated libpng1.6
package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Thu, 12 Feb 2026 10:55:21 +0100
Source: libpng1.6
Built-For-Profiles: noudeb
Architecture: source
Version: 1.6.55-1
Distribution: unstable
Urgency: medium
Maintainer: Maintainers of libpng1.6 packages <[email protected]>
Changed-By: Gianfranco Costamagna <[email protected]>
Closes: 1127566
Changes:
libpng1.6 (1.6.55-1) unstable; urgency=medium
.
* New upstream version 1.6.55
- CVE-2026-25646 (Closes: #1127566)
* Bump std-version to 4.7.3, no changes required
* Drop R^3: no, default now
Checksums-Sha1:
553754fa08537a558f0df3717483ad3422a65946 2254 libpng1.6_1.6.55-1.dsc
8cae28e641033d273e316d5281670fa89872b572 1586616 libpng1.6_1.6.55.orig.tar.gz
6d49b0817b63aae19032b21b0c282c57a587e87b 33544 libpng1.6_1.6.55-1.debian.tar.xz
9e7877636d3c6ef490be64202dcc3aa76d5abb40 8326
libpng1.6_1.6.55-1_source.buildinfo
Checksums-Sha256:
86f30af94c8b4e508eb471ae7686518fe2a1eb14e325829b7b154e78d0b0f7b0 2254
libpng1.6_1.6.55-1.dsc
71a2c5b1218f60c4c6d2f1954c7eb20132156cae90bdb90b566c24db002782a6 1586616
libpng1.6_1.6.55.orig.tar.gz
d3294e8e1adea044a78558943a2dbc3b9c25d226fd6d9abb5e4fb942f37bd5d7 33544
libpng1.6_1.6.55-1.debian.tar.xz
9e68a015531cb42824ed9d055bde77543ec0353b16cfb4f4f8c528521af37260 8326
libpng1.6_1.6.55-1_source.buildinfo
Files:
e05bdf7b9c9c331626500eab82ae86ab 2254 libs optional libpng1.6_1.6.55-1.dsc
933118ac208387d0727e3d5e36558022 1586616 libs optional
libpng1.6_1.6.55.orig.tar.gz
48c26c525a7b2ac58c28d6a9d0591e76 33544 libs optional
libpng1.6_1.6.55-1.debian.tar.xz
3f4a2ea9be0c8eaa62f3529343479bd8 8326 libs optional
libpng1.6_1.6.55-1_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEkpeKbhleSSGCX3/w808JdE6fXdkFAmmNo/4ACgkQ808JdE6f
XdkXjBAArhFLbgBMMdo+Kl31J3FYqDMlO7M5WiATOCB1NWaNdniuvl9BJ6FcRB71
2garnTDhl1Qm5XJYrBBpQ32vuNYACV3o0xYHHv8sXBZtLO095aQjhkWSDAon7Ve9
fDLFzJZlXmLBi57CS0CZkOAw4dK6Tauaw+cw5dckqJ7uYF3IxmMAn4GLpQYBZWmM
wXG8by4BfWKFoej8WY9Lt4GhskXYomZuPL6t6hH3nyW7/XKFiaBi3kqy7Oxx87yB
wyQNt3fjG0wQ0UWHmHjiDXACY/cIVzO0u2D2I/VskR5WRSni/kG4PPTiRXxfDa/a
jmslpyRVhjgp8M+I8+ps//S37MrlFKBemZs2kT89/2l2GCIIvURVXNH5+wfnmjgb
Vn13JAuo9RGKFjeo3R9O/dnt5rO/uZmYz28Mma57y3oeqD0Raa+qKq0cot7cNTlP
5Vgof80Dyn1L+O6x/roQxArinqKPhK0BdpUodgTOvHW6IG5sDAjAc5JDbvMOJDiv
5eybaG2mCjieqW9O3YyLxXU2793g0BGbYjgBAhSglCDoZ6HJGHFAYh+/5KuWyK10
ZdIJ9VBghArOLYvkFrAqvjmOdrA3Z3+NwQdu2s4AFZ/j9Q+S21mCKG6C0fpVITke
+mmO0rSqq8ov3Ia4Tu03jpNrBQtOKqvnKm4/AIN5nmmTkeIY9nA=
=s8tv
-----END PGP SIGNATURE-----
pgpuDUjwWqR53.pgp
Description: PGP signature
--- End Message ---
