* [ptxdist] [PATCH] libpng: Version bump. 1.6.53 -> 1.6.54
@ 2026-01-15 20:12 Christian Melki
0 siblings, 0 replies; only message in thread
From: Christian Melki @ 2026-01-15 20:12 UTC (permalink / raw)
To: ptxdist
Security fixes.
https://sourceforge.net/p/libpng/code/ci/libpng16/tree/CHANGES
Plugs CVEs:
CVE-2026-22695: Heap buffer over-read in png_image_read_direct_scaled.
CVE-2026-22801: Integer truncation causing heap buffer over-read in png_image_write_*
* License hash changed, copyright year updates.
Signed-off-by: Christian Melki <christian.melki@t2data.com>
---
rules/libpng.make | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/rules/libpng.make b/rules/libpng.make
index 7bd6d2376..f69de3e08 100644
--- a/rules/libpng.make
+++ b/rules/libpng.make
@@ -16,8 +16,8 @@ PACKAGES-$(PTXCONF_LIBPNG) += libpng
#
# Paths and names
#
-LIBPNG_VERSION := 1.6.53
-LIBPNG_MD5 := 0d95e8af31991e976811bbf55f693d2d
+LIBPNG_VERSION := 1.6.54
+LIBPNG_MD5 := ba9e86853c794d111398b66a42bfa0dc
LIBPNG := libpng-$(LIBPNG_VERSION)
LIBPNG_SUFFIX := tar.xz
LIBPNG_URL := $(call ptx/mirror, SF, libpng/$(LIBPNG).$(LIBPNG_SUFFIX))
@@ -25,7 +25,7 @@ LIBPNG_SOURCE := $(SRCDIR)/$(LIBPNG).$(LIBPNG_SUFFIX)
LIBPNG_DIR := $(BUILDDIR)/$(LIBPNG)
LIBPNG_LICENSE := libpng-2.0
LIBPNG_LICENSE_FILES := \
- file://LICENSE;md5=5516d77a3cf75f55a0d37254e3e65a20
+ file://LICENSE;md5=9dc350edbbbee660c7d9af79487168f2
# ----------------------------------------------------------------------------
# Prepare
--
2.43.0
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2026-01-15 20:12 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2026-01-15 20:12 [ptxdist] [PATCH] libpng: Version bump. 1.6.53 -> 1.6.54 Christian Melki
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox