Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
5f6f65d1 by Moritz Muehlenhoff at 2026-02-17T22:59:18+01:00
mark two png issues as fixed along with the DSA
- - - - -
3 changed files:
- data/CVE/list
- data/next-oldstable-point-update.txt
- data/next-point-update.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -14572,15 +14572,15 @@ CVE-2024-14021 (LlamaIndex (run-llama/llama_index)
versions up to and including
CVE-2026-22801 (LIBPNG is a reference library for use in applications that
read, creat ...)
{DLA-4481-1}
- libpng1.6 1.6.54-1 (bug #1125444)
- [trixie] - libpng1.6 <no-dsa> (Minor issue)
- [bookworm] - libpng1.6 <no-dsa> (Minor issue)
+ [trixie] - libpng1.6 1.6.48-1+deb13u2
+ [bookworm] - libpng1.6 1.6.39-2+deb12u2
NOTE:
https://github.com/pnggroup/libpng/security/advisories/GHSA-vgjq-8cw5-ggw8
NOTE: Fixed by:
https://github.com/pnggroup/libpng/commit/cf155de014fc6c5cb199dd681dd5c8fb70429072
CVE-2026-22695 (LIBPNG is a reference library for use in applications that
read, creat ...)
{DLA-4481-1}
- libpng1.6 1.6.54-1 (bug #1125443)
- [trixie] - libpng1.6 <no-dsa> (Minor issue)
- [bookworm] - libpng1.6 <no-dsa> (Minor issue)
+ [trixie] - libpng1.6 1.6.48-1+deb13u2
+ [bookworm] - libpng1.6 1.6.39-2+deb12u2
NOTE:
https://github.com/pnggroup/libpng/security/advisories/GHSA-mmq5-27w3-rxpp
NOTE: Introduced by:
https://github.com/pnggroup/libpng/commit/218612ddd6b17944e21eda56caf8b4bf7779d1ea
(v1.6.51)
NOTE: Fixed by:
https://github.com/pnggroup/libpng/commit/e4f7ad4ea2a471776c81dda4846b7691925d9786
=====================================
data/next-oldstable-point-update.txt
=====================================
@@ -30,10 +30,6 @@ CVE-2025-2177
[bookworm] - zvbi 0.2.41-1+deb12u1
CVE-2023-47466
[bookworm] - taglib 1.13-2+deb12u1
-CVE-2026-22801
- [bookworm] - libpng1.6 1.6.39-2+deb12u2
-CVE-2026-22695
- [bookworm] - libpng1.6 1.6.39-2+deb12u2
CVE-2022-48620
[bookworm] - libuev 2.4.0-1.1+deb12u1
CVE-2026-24765
=====================================
data/next-point-update.txt
=====================================
@@ -18,10 +18,6 @@ CVE-2025-67269
[trixie] - gpsd 3.25-5+deb13u1
CVE-2026-23949
[trixie] - jaraco.context 6.0.1-1+deb13u1
-CVE-2026-22801
- [trixie] - libpng1.6 1.6.48-1+deb13u2
-CVE-2026-22695
- [trixie] - libpng1.6 1.6.48-1+deb13u2
CVE-2025-7709
[trixie] - sqlite3 3.46.1-7+deb13u1
CVE-2026-24765
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5f6f65d137148599ec2c104fc22c32d0649de67f
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5f6f65d137148599ec2c104fc22c32d0649de67f
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
