-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Fri, 08 May 2026 14:30:14 +0200 Source: libpng1.6 Binary: libpng-dev libpng-tools libpng-tools-dbgsym libpng16-16 libpng16-16-dbgsym libpng16-16-udeb Architecture: arm64 Version: 1.6.39-2+deb12u5 Distribution: bookworm-security Urgency: high Maintainer: arm64 Build Daemon (arm-conova-03) Changed-By: Tobias Frost Description: libpng-dev - PNG library - development (version 1.6) libpng-tools - PNG library - tools (version 1.6) libpng16-16 - PNG library - runtime (version 1.6) libpng16-16-udeb - PNG library - minimal runtime library (version 1.6) (udeb) Closes: 1133051 Changes: libpng1.6 (1.6.39-2+deb12u5) bookworm-security; urgency=high . * Security upload targeting bookworm. * CVE-2026-34757 - Use after free. (Closes: #1133051) * Cherry-pick upstream regression fix for previously fixed CVE 2026-33416. Checksums-Sha1: c7112756d90839aa3c580fdf4a55dd58d8952cd7 355624 libpng-dev_1.6.39-2+deb12u5_arm64.deb 5cb5482ddd2452c449c9679f8bb9ce85af8775a1 49428 libpng-tools-dbgsym_1.6.39-2+deb12u5_arm64.deb 9f6c4c39cfcb482b5c65e0774a92ce22bdcc7c4a 126496 libpng-tools_1.6.39-2+deb12u5_arm64.deb 8d540166fcb69068260551aaac5bb938d116f96d 7551 libpng1.6_1.6.39-2+deb12u5_arm64-buildd.buildinfo 0168e7511da26525dec24719d039f4b88cf885a6 257484 libpng16-16-dbgsym_1.6.39-2+deb12u5_arm64.deb 381cb1ab349b414f4d524be5310e5d2621876aa5 87344 libpng16-16-udeb_1.6.39-2+deb12u5_arm64.udeb 0695ab1ed2c012d9acbe74e76c8b74caababba02 270448 libpng16-16_1.6.39-2+deb12u5_arm64.deb Checksums-Sha256: f02dc017801713dfd11aaa7e72d705f747570e029fd242c29af072d64474ddfc 355624 libpng-dev_1.6.39-2+deb12u5_arm64.deb 45792dd622cc0bd42e28b4e67d6b5057ebf5cec983a209880a7e3b5a8d715790 49428 libpng-tools-dbgsym_1.6.39-2+deb12u5_arm64.deb 59d9fb08f602d25b5674547657c650dd7bf5bdb888e7340979cf53d03e1f030d 126496 libpng-tools_1.6.39-2+deb12u5_arm64.deb 250110a6cbde368ae37cb81dca33460eeb893f6c52628aa0f3a3a6a9e9e8dc19 7551 libpng1.6_1.6.39-2+deb12u5_arm64-buildd.buildinfo da5df86dbe0c3f2c228434c115235ec247e12110a49bb6f6b6d0bc7585e91227 257484 libpng16-16-dbgsym_1.6.39-2+deb12u5_arm64.deb 07a0a745b3ca85f44976ff4f23ecd39cc754a035f8b00233fcafe4b39dfc51d1 87344 libpng16-16-udeb_1.6.39-2+deb12u5_arm64.udeb 69aba3963ddfb11b98e5bf4b0d022f76b797436568884b10f2da32e0f4b8c2dd 270448 libpng16-16_1.6.39-2+deb12u5_arm64.deb Files: 587b59ad7c5d55a9180a4b967ca0de5a 355624 libdevel optional libpng-dev_1.6.39-2+deb12u5_arm64.deb a29b01888dcaaa89d4c4071dd42e3006 49428 debug optional libpng-tools-dbgsym_1.6.39-2+deb12u5_arm64.deb 325ab64e21ed69c1a0284e996c7a7c0b 126496 libdevel optional libpng-tools_1.6.39-2+deb12u5_arm64.deb df222502492ab5c2c4a17f375817b102 7551 libs optional libpng1.6_1.6.39-2+deb12u5_arm64-buildd.buildinfo 9192302b9799814ad35980fef8781b9d 257484 debug optional libpng16-16-dbgsym_1.6.39-2+deb12u5_arm64.deb cc39f86c57fc6cd90c9b3e1c8f443ca8 87344 debian-installer optional libpng16-16-udeb_1.6.39-2+deb12u5_arm64.udeb 666406282866e06fb73af55d770aa713 270448 libs optional libpng16-16_1.6.39-2+deb12u5_arm64.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEElFiH1oZRZh1t4FSiXVp1sEH/1mIFAmn+DykACgkQXVp1sEH/ 1mKpBA//Y1gHlxTjo8iZv9gJiSpucQTp1Q/X1/P2x1nSkcsX/ltZNqSJXtu2mLiA Hc1UmzJlViCW87mIsfdmJyjDE3j4CSjo5O4vaWlOkZhER6p4bEG9U+rjwhZu5KAG pgpvOPLtkoc2mZ+c2g7AlXZRLIpyL3WASxKxgq2P16+y4W2rGUtZKMM8ssNAw2m7 sKL4HWcPn8Ccg2wG4LIJjdPpme5HnsF0PrL7+SjrLVRSoay1zgqo2hhJL/hwD13l Qe/G9zpEhHGu+VrhBcjinI3Jon1OajZ/34UtttF71IxfwdjEb3ayGTKJXI7KnFLr tYreMKIJ2JNcPdMaphvHBWnk1qbT+z4X5KDQkXVFWBfOJ5hdLwdLAHppxZjrefoS emVBf3bzIT43Jg1FyY51lvby7Xg43LETwC+y/KFP3OBQnutPQ5Lqp0Yc9FHIqvcZ T9RA625DxAN+rBOO45I7z/az491HmHIdNcWDQB1dHJTZcAXPDzfdxxMgmXYfLlgF +LUhu0QTH1vo89AOfsW941DF3BIkBOB9yzBTbHGEYTcNvZAEprf8YNr4DXcIHrFD rGwclYz6HyOi/6LqHSIonCA7vcjIQmQz0UU9aXCgs+Ns920k442ccbDxEQWJNl3v Y87jgAKbpyq5fK+G2FKUIDEhZdMM30aA8wauIf58W/8tzb8QgdA= =o9r9 -----END PGP SIGNATURE-----