[Git][security-tracker-team/security-tracker][master] new libpng issue
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Fri May 15 23:50:52 BST 2026
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
eae45e07 by Moritz Mühlenhoff at 2026-05-16T00:50:22+02:00
new libpng issue
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,11 @@
+CVE-2026-40930
+ - libpng1.6 1.6.37-4
+ NOTE: The vulnerable code has its roots in the external libpng-apng patchset for 1.6
+ NOTE: 1.8 development releases adopted the patch which then introduced it into libpng
+ NOTE: The apng patch was applied in Deian starting with 1.6.36-2 and dropped in 1.6.37-4,
+ NOTE: so marking 1.6.37-4 as the fixed version
+ NOTE: https://github.com/pnggroup/libpng/security/advisories/GHSA-c4v6-gxrq-6g2x
+ NOTE: https://github.com/pnggroup/libpng/commit/faf06924688b62d7c1654b5ceddedbde66ffadb4
CVE-2026-46433 [Heap OOB Read in VLAN Decapsulation memmove]
- lldpd 1.0.22-1
NOTE: https://github.com/lldpd/lldpd/security/advisories/GHSA-2g8p-2h3j-63m3
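Review bot: "Deian" in the third NOTE line of the new CVE-2026-40930 entry should read "Debian". The entry also has no bracketed description after the CVE id, while the CVE-2026-46433 entry below it carries one; a short description taken from the linked advisory would make the entry readable without following the links. Since the notes say the apng patch only entered the Debian package with 1.6.36-2, consider stating in a NOTE that versions before 1.6.36-2 are not affected, because the single fixed version 1.6.37-4 does not convey that lower bound.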
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/eae45e0768a9d12be2ef7296494d859bf20e2f2e