[Git][security-tracker-team/security-tracker][master] mark two png issues as fixed along with the DSA

Tue Feb 17 21:59:43 GMT 2026


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
5f6f65d1 by Moritz Muehlenhoff at 2026-02-17T22:59:18+01:00
mark two png issues as fixed along with the DSA

- - - - -


3 changed files:

- data/CVE/list
- data/next-oldstable-point-update.txt
- data/next-point-update.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -14572,15 +14572,15 @@ CVE-2024-14021 (LlamaIndex (run-llama/llama_index) versions up to and including
 CVE-2026-22801 (LIBPNG is a reference library for use in applications that read, creat ...)
 	{DLA-4481-1}
 	- libpng1.6 1.6.54-1 (bug #1125444)
-	[trixie] - libpng1.6 <no-dsa> (Minor issue)
-	[bookworm] - libpng1.6 <no-dsa> (Minor issue)
+	[trixie] - libpng1.6 1.6.48-1+deb13u2
+	[bookworm] - libpng1.6 1.6.39-2+deb12u2
 	NOTE: https://github.com/pnggroup/libpng/security/advisories/GHSA-vgjq-8cw5-ggw8
 	NOTE: Fixed by: https://github.com/pnggroup/libpng/commit/cf155de014fc6c5cb199dd681dd5c8fb70429072
 CVE-2026-22695 (LIBPNG is a reference library for use in applications that read, creat ...)
 	{DLA-4481-1}
 	- libpng1.6 1.6.54-1 (bug #1125443)
-	[trixie] - libpng1.6 <no-dsa> (Minor issue)
-	[bookworm] - libpng1.6 <no-dsa> (Minor issue)
+	[trixie] - libpng1.6 1.6.48-1+deb13u2
+	[bookworm] - libpng1.6 1.6.39-2+deb12u2
 	NOTE: https://github.com/pnggroup/libpng/security/advisories/GHSA-mmq5-27w3-rxpp
 	NOTE: Introduced by: https://github.com/pnggroup/libpng/commit/218612ddd6b17944e21eda56caf8b4bf7779d1ea (v1.6.51)
 	NOTE: Fixed by: https://github.com/pnggroup/libpng/commit/e4f7ad4ea2a471776c81dda4846b7691925d9786


=====================================
data/next-oldstable-point-update.txt
=====================================
@@ -30,10 +30,6 @@ CVE-2025-2177
 	[bookworm] - zvbi 0.2.41-1+deb12u1
 CVE-2023-47466
 	[bookworm] - taglib 1.13-2+deb12u1
-CVE-2026-22801
-	[bookworm] - libpng1.6 1.6.39-2+deb12u2
-CVE-2026-22695
-	[bookworm] - libpng1.6 1.6.39-2+deb12u2
 CVE-2022-48620
 	[bookworm] - libuev 2.4.0-1.1+deb12u1
 CVE-2026-24765


=====================================
data/next-point-update.txt
=====================================
@@ -18,10 +18,6 @@ CVE-2025-67269
 	[trixie] - gpsd 3.25-5+deb13u1
 CVE-2026-23949
 	[trixie] - jaraco.context 6.0.1-1+deb13u1
-CVE-2026-22801
-	[trixie] - libpng1.6 1.6.48-1+deb13u2
-CVE-2026-22695
-	[trixie] - libpng1.6 1.6.48-1+deb13u2
 CVE-2025-7709
 	[trixie] - sqlite3 3.46.1-7+deb13u1
 CVE-2026-24765



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5f6f65d137148599ec2c104fc22c32d0649de67f

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5f6f65d137148599ec2c104fc22c32d0649de67f
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260217/ae9b1de7/attachment-0001.htm>
