[Git][security-tracker-team/security-tracker][master] Reference full commit id for libpng1.6 upstream fixes

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Jan 13 21:18:33 GMT 2026 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
a579b16c by Salvatore Bonaccorso at 2026-01-13T22:18:16+01:00
Reference full commit id for libpng1.6 upstream fixes

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -938,12 +938,12 @@ CVE-2024-14021 (LlamaIndex (run-llama/llama_index) versions up to and including
 CVE-2026-22801 (LIBPNG is a reference library for use in applications that read, creat ...)
 	- libpng1.6 <unfixed>
 	NOTE: https://github.com/pnggroup/libpng/security/advisories/GHSA-vgjq-8cw5-ggw8
-	NOTE: Fixed by: https://github.com/pnggroup/libpng/commit/cf155de014
+	NOTE: Fixed by: https://github.com/pnggroup/libpng/commit/cf155de014fc6c5cb199dd681dd5c8fb70429072
 CVE-2026-22695 (LIBPNG is a reference library for use in applications that read, creat ...)
 	- libpng1.6 <unfixed>
 	NOTE: https://github.com/pnggroup/libpng/security/advisories/GHSA-mmq5-27w3-rxpp
 	NOTE: Introduced by: https://github.com/pnggroup/libpng/commit/218612ddd6b17944e21eda56caf8b4bf7779d1ea (v1.6.51)
-	NOTE: Fixed by: https://github.com/pnggroup/libpng/commit/e4f7ad4ea2
+	NOTE: Fixed by: https://github.com/pnggroup/libpng/commit/e4f7ad4ea2a471776c81dda4846b7691925d9786
 	NOTE: Introducing fix for CVE-2025-65018 got backported into older suites
 	NOTE: https://github.com/pnggroup/libpng/issues/778
 CVE-2026-0665 [qemu: Heap off-by-one in KVM Xen PHYSDEVOP_map_pirq]



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a579b16c55b4644aa36aae874d07c23090f25141

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a579b16c55b4644aa36aae874d07c23090f25141
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260113/ba3e7b7e/attachment.htm>

More information about the debian-security-tracker-commits mailing list