[Git][security-tracker-team/security-tracker][master] CVE-2026-40930/libpng1.6: bullseye postponed
Sylvain Beucler (@beuc)
gitlab at salsa.debian.org
Mon May 18 19:22:13 BST 2026
Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker
Commits:
cdd5f920 by Sylvain Beucler at 2026-05-18T20:22:06+02:00
CVE-2026-40930/libpng1.6: bullseye postponed
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -412,6 +412,7 @@ CVE-2026-8700 (Crypt::DSA versions before 1.20 for Perl generate seeds using ran
NOTE: Fixed by: https://github.com/perl-Crypt-OpenPGP/Crypt-DSA/commit/43f2ad133bca76c57665f42eb0dc8042df54d3f1 (1.20)
CVE-2026-40930
- libpng1.6 1.6.37-4
+ [bullseye] - libpng1.6 <postponed> (Minor issue, not exploitable in default configuration, unclear impact)
NOTE: The vulnerable code has its roots in the external libpng-apng patchset for 1.6
NOTE: 1.8 development releases adopted the patch which then introduced it into libpng
NOTE: The apng patch was applied in Deian starting with 1.6.36-2 and dropped in 1.6.37-4,
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cdd5f920e5a18343564585a647119c612666174a
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cdd5f920e5a18343564585a647119c612666174a
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260518/1784ee7d/attachment.htm>
More information about the debian-security-tracker-commits
mailing list