Re: [update] png 1.6.54

Klemens Nanni Tue, 13 Jan 2026 20:14:39 -0800

14.01.2026 00:09, Matthieu Herrb пишет:
> CVE-2026-22695 (medium severity): Heap buffer over-read in
> png_image_read_direct_scaled
> CVE-2026-22801 (medium severity): Integer truncation causing heap
> buffer over-read in png_image_write_*.
> 
> ok ?


OK kn

> 
> I'll take care of the embedded copy in xenocara.
> 
> Index: Makefile
> ===================================================================
> RCS file: /local/cvs/ports/graphics/png/Makefile,v
> diff -u -p -u -r1.145 Makefile
> --- Makefile  4 Dec 2025 15:34:39 -0000       1.145
> +++ Makefile  13 Jan 2026 21:05:34 -0000
> @@ -4,7 +4,7 @@
>  
>  COMMENT=     library for manipulating PNG images
>  
> -VERSION=     1.6.52
> +VERSION=     1.6.54
>  DISTNAME=    libpng-${VERSION}
>  PKGNAME=     png-${VERSION}
>  CATEGORIES=  graphics
> Index: distinfo
> ===================================================================
> RCS file: /local/cvs/ports/graphics/png/distinfo,v
> diff -u -p -u -r1.74 distinfo
> --- distinfo  4 Dec 2025 15:34:39 -0000       1.74
> +++ distinfo  13 Jan 2026 21:05:34 -0000
> @@ -1,2 +1,2 @@
> -SHA256 (libpng-1.6.52.tar.xz) = Nr1yYijsk6O2wi/bSelKZ7FvL+mzm3i3y2V3KWZmHMw=
> -SIZE (libpng-1.6.52.tar.xz) = 1063580
> +SHA256 (libpng-1.6.54.tar.xz) = AcnYowPJQewsURwUMSo7HTbO20Hi9RaMzaqF1TuIeAU=
> +SIZE (libpng-1.6.54.tar.xz) = 1064472
>

Re: [update] png 1.6.54

Reply via email to