[Git][security-tracker-team/security-tracker][master] Reserve DLA-4481-1 for libpng1.6

Tue, 17 Feb 2026 10:16:44 -0800 


Tobias Frost pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
efc91d96 by Tobias Frost at 2026-02-17T19:16:23+01:00
Reserve DLA-4481-1 for libpng1.6

- - - - -


3 changed files:

- data/CVE/list
- data/DLA/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -14428,14 +14428,12 @@ CVE-2026-22801 (LIBPNG is a reference library for use 
in applications that read,
        - libpng1.6 1.6.54-1 (bug #1125444)
        [trixie] - libpng1.6 <no-dsa> (Minor issue)
        [bookworm] - libpng1.6 <no-dsa> (Minor issue)
-       [bullseye] - libpng1.6 <postponed> (Minor issue, OOB read)
        NOTE: 
https://github.com/pnggroup/libpng/security/advisories/GHSA-vgjq-8cw5-ggw8
        NOTE: Fixed by: 
https://github.com/pnggroup/libpng/commit/cf155de014fc6c5cb199dd681dd5c8fb70429072
 CVE-2026-22695 (LIBPNG is a reference library for use in applications that 
read, creat ...)
        - libpng1.6 1.6.54-1 (bug #1125443)
        [trixie] - libpng1.6 <no-dsa> (Minor issue)
        [bookworm] - libpng1.6 <no-dsa> (Minor issue)
-       [bullseye] - libpng1.6 <postponed> (Minor issue, OOB read)
        NOTE: 
https://github.com/pnggroup/libpng/security/advisories/GHSA-mmq5-27w3-rxpp
        NOTE: Introduced by: 
https://github.com/pnggroup/libpng/commit/218612ddd6b17944e21eda56caf8b4bf7779d1ea
 (v1.6.51)
        NOTE: Fixed by: 
https://github.com/pnggroup/libpng/commit/e4f7ad4ea2a471776c81dda4846b7691925d9786


=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[17 Feb 2026] DLA-4481-1 libpng1.6 - security update
+       {CVE-2026-22695 CVE-2026-22801 CVE-2026-25646}
+       [bullseye] - libpng1.6 1.6.37-3+deb11u2
 [17 Feb 2026] DLA-4480-1 roundcube - security update
        {CVE-2026-25916 CVE-2026-26079}
        [bullseye] - roundcube 1.4.15+dfsg.1-1+deb11u7


=====================================
data/dla-needed.txt
=====================================
@@ -184,9 +184,6 @@ lemonldap-ng
   NOTE: 20251028: Still working in CVE-2024-52948 (abhijith)
   NOTE: 20251229: Asked yadd (maintainer of package) for help (abhijith)
 --
-libpng1.6 (tobi)
-  NOTE: 20260214: Added by Front-Desk (utkarsh)
---
 libsoup2.4
   NOTE: 20250408: Added by Front-Desk (Beuc)
   NOTE: 20250427: libsoup2.4 2.72.0-2+deb11u2 (bullseye) uploaded ...



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/efc91d96d6f3a69aee07468efb5697fccd8d3319

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/efc91d96d6f3a69aee07468efb5697fccd8d3319
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to