Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits: eae45e07 by Moritz Mühlenhoff at 2026-05-16T00:50:22+02:00 new libpng issue - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -1,3 +1,11 @@ +CVE-2026-40930 + - libpng1.6 1.6.37-4 + NOTE: The vulnerable code has its roots in the external libpng-apng patchset for 1.6 + NOTE: 1.8 development releases adopted the patch which then introduced it into libpng + NOTE: The apng patch was applied in Deian starting with 1.6.36-2 and dropped in 1.6.37-4, + NOTE: so marking 1.6.37-4 as the fixed version + NOTE: https://github.com/pnggroup/libpng/security/advisories/GHSA-c4v6-gxrq-6g2x + NOTE: https://github.com/pnggroup/libpng/commit/faf06924688b62d7c1654b5ceddedbde66ffadb4 CVE-2026-46433 [Heap OOB Read in VLAN Decapsulation memmove] - lldpd 1.0.22-1 NOTE: https://github.com/lldpd/lldpd/security/advisories/GHSA-2g8p-2h3j-63m3 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/eae45e0768a9d12be2ef7296494d859bf20e2f2e -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/eae45e0768a9d12be2ef7296494d859bf20e2f2e You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help
_______________________________________________ debian-security-tracker-commits mailing list [email protected] https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
