* [ptxdist] [PATCH] libpng: Version bump. 1.6.55 -> 1.6.56
@ 2026-03-27 21:33 Christian Melki
0 siblings, 0 replies; only message in thread
From: Christian Melki @ 2026-03-27 21:33 UTC (permalink / raw)
To: ptxdist
Bugfixes and security.
https://sourceforge.net/p/libpng/code/ci/libpng16/tree/CHANGES
Plugs CVEs:
CVE-2026-33416: Use-after-free via pointer aliasing in png_set_tRNS and png_set_PLTE
CVE-2026-33636: Out-of-bounds read/write in the palette expansion on ARM Neon.
Signed-off-by: Christian Melki <christian.melki@t2data.com>
---
rules/libpng.make | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/rules/libpng.make b/rules/libpng.make
index 8cdfacf64..43ad8c8eb 100644
--- a/rules/libpng.make
+++ b/rules/libpng.make
@@ -16,8 +16,8 @@ PACKAGES-$(PTXCONF_LIBPNG) += libpng
#
# Paths and names
#
-LIBPNG_VERSION := 1.6.55
-LIBPNG_MD5 := bc950b5a06ec1028285e14a127f6fb6e
+LIBPNG_VERSION := 1.6.56
+LIBPNG_MD5 := e30798a97361f11390a624b5b48c1c74
LIBPNG := libpng-$(LIBPNG_VERSION)
LIBPNG_SUFFIX := tar.xz
LIBPNG_URL := $(call ptx/mirror, SF, libpng/$(LIBPNG).$(LIBPNG_SUFFIX))
--
2.43.0
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2026-03-27 21:33 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2026-03-27 21:33 [ptxdist] [PATCH] libpng: Version bump. 1.6.55 -> 1.6.56 Christian Melki
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox