Sylvain Beucler pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
cdd5f920 by Sylvain Beucler at 2026-05-18T20:22:06+02:00
CVE-2026-40930/libpng1.6: bullseye postponed
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -412,6 +412,7 @@ CVE-2026-8700 (Crypt::DSA versions before 1.20 for Perl
generate seeds using ran
NOTE: Fixed by:
https://github.com/perl-Crypt-OpenPGP/Crypt-DSA/commit/43f2ad133bca76c57665f42eb0dc8042df54d3f1
(1.20)
CVE-2026-40930
- libpng1.6 1.6.37-4
+ [bullseye] - libpng1.6 <postponed> (Minor issue, not exploitable in
default configuration, unclear impact)
NOTE: The vulnerable code has its roots in the external libpng-apng
patchset for 1.6
NOTE: 1.8 development releases adopted the patch which then introduced
it into libpng
NOTE: The apng patch was applied in Deian starting with 1.6.36-2 and
dropped in 1.6.37-4,
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cdd5f920e5a18343564585a647119c612666174a
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cdd5f920e5a18343564585a647119c612666174a
You're receiving this email because of your account on salsa.debian.org. Manage
all notifications: https://salsa.debian.org/-/profile/notifications | Help:
https://salsa.debian.org/help
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
