-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Fri, 08 May 2026 14:30:14 +0200 Source: libpng1.6 Binary: libpng-dev libpng-tools libpng-tools-dbgsym libpng16-16 libpng16-16-dbgsym libpng16-16-udeb Architecture: i386 Version: 1.6.39-2+deb12u5 Distribution: bookworm-security Urgency: high Maintainer: amd64 / i386 Build Daemon (x86-ubc-02) Changed-By: Tobias Frost Description: libpng-dev - PNG library - development (version 1.6) libpng-tools - PNG library - tools (version 1.6) libpng16-16 - PNG library - runtime (version 1.6) libpng16-16-udeb - PNG library - minimal runtime library (version 1.6) (udeb) Closes: 1133051 Changes: libpng1.6 (1.6.39-2+deb12u5) bookworm-security; urgency=high . * Security upload targeting bookworm. * CVE-2026-34757 - Use after free. (Closes: #1133051) * Cherry-pick upstream regression fix for previously fixed CVE 2026-33416. Checksums-Sha1: 7e538bb27bc36c1f6f6c91136a4765d3436cb006 368864 libpng-dev_1.6.39-2+deb12u5_i386.deb c10debc1311650603d239f5c00f3ccaf60b0e9ae 49296 libpng-tools-dbgsym_1.6.39-2+deb12u5_i386.deb 84f4d3a4af79d7fab010d7f79ac38e5313bc09be 127596 libpng-tools_1.6.39-2+deb12u5_i386.deb 8bb92e20601871c6befd5b43b1bd28d48b102a6d 7451 libpng1.6_1.6.39-2+deb12u5_i386-buildd.buildinfo fe0a2e13f2e3f9da5832dea018ecbbf235704d0d 215748 libpng16-16-dbgsym_1.6.39-2+deb12u5_i386.deb ebcd323bd86f32ff25054fecc100327609593e80 101692 libpng16-16-udeb_1.6.39-2+deb12u5_i386.udeb 07f6887493ba622b879fce5a1a71f455eae5eb87 284712 libpng16-16_1.6.39-2+deb12u5_i386.deb Checksums-Sha256: e8617d260cb2b0425c1e41598d7ee54f208ed641c95f08cd04475a9a72230791 368864 libpng-dev_1.6.39-2+deb12u5_i386.deb adc680ab603362d1a49c69648cc064bfd483494e010bc53f62d221858a82ac20 49296 libpng-tools-dbgsym_1.6.39-2+deb12u5_i386.deb 4d0f8ca73e6fbb189f84e218c4740cd7b414175bf2ebdedcfadb09e491dc705e 127596 libpng-tools_1.6.39-2+deb12u5_i386.deb b9b8a0c0609a699d853c50aaa2bdf5bc9c77f5bd8f6532a128108ad5273ee84a 7451 libpng1.6_1.6.39-2+deb12u5_i386-buildd.buildinfo 24e1fadbfd755ee70611986f18354cd1cfef24469caac86639a541ec874324ef 215748 libpng16-16-dbgsym_1.6.39-2+deb12u5_i386.deb 3b7f0e1db2fa658cfdd34732e9c64a54c0962845b7f2b9b9f30b5541f8459d78 101692 libpng16-16-udeb_1.6.39-2+deb12u5_i386.udeb 6b18ebe0faab22a7cb6d031bc3dffb9c572277c6501ca7b51fbe480a90b2b4da 284712 libpng16-16_1.6.39-2+deb12u5_i386.deb Files: 6ce69b5a4253a4a37dc4d6edcdc2e4f4 368864 libdevel optional libpng-dev_1.6.39-2+deb12u5_i386.deb 69fd918c09e88e78ee1932e8ad7f390f 49296 debug optional libpng-tools-dbgsym_1.6.39-2+deb12u5_i386.deb 24b9c2e4077f1642b00287ba2ff46991 127596 libdevel optional libpng-tools_1.6.39-2+deb12u5_i386.deb 36e586f83252e0dd3a421993028662a4 7451 libs optional libpng1.6_1.6.39-2+deb12u5_i386-buildd.buildinfo c3fe9818f87d8332a84f33a399c09d9c 215748 debug optional libpng16-16-dbgsym_1.6.39-2+deb12u5_i386.deb b41e79a5d7ca5ab237c4ae99cfb68735 101692 debian-installer optional libpng16-16-udeb_1.6.39-2+deb12u5_i386.udeb 2091061f11213c052e9b544bb2f21bdb 284712 libs optional libpng16-16_1.6.39-2+deb12u5_i386.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEb5EwsJvHBEjqIJYIbheoBegwXLIFAmn+D3sACgkQbheoBegw XLIRzA/9EjDvMVW7H9ds/L+OsQLylUz31r5vZB8er3wJ3MEp7jJlIh1i/bARAUec 4HdKDxEvJvXiCjLeNuTfoJn+tcVcOVquRsMHw3OAtVydYi3IlD1nKYnG0DPtHC2F 2q4ObPpVafVHKR++vFM+Q23RIOKe/VdtM5FQ+JOv4WvcNxbMMONS+yQAeVO+CBDp A9van3puuI/FLjbDuCYkq1PKGy8AbZW88UFFgMHyMQV/XGp1bZW0u6Qmjs6SR9CI q1L/eWR4mBUZNxkP1EekbgY61r/A+TAOk1KW3E8Q3jGUtOJE2zrG8EtCacLMxST4 +iO8KCOhhR4SlQ9MB0sFk+aalNT1CoiuRkmwJVBkAHMCf6l5s6px7gKQEm/+QJFx FsQMbQqhEnP5ujLKwBNSTJOjyLaOtm+tRmPwm8WJFhZSNOG/r+34JhaPCAkWw/LS s1+l6hhBJ+0BT/yM3m3Ti/lY2iwmjUUUjVT52US5NrInrMQaQ5VDroYsTKSkcLmH hHFJXkgYIuFZClBboy8wlKu57wsmyYJBJnP0+ELXf9o29EW2aF9dFgHljSqcTwcs d2yRHK98jRmqdF1dFxsMFslJYaR2fpR8K7jZ8l1ujsrGILd9/QG6XaJgVmiWYIbI oLgE/dtECjmkEfTZ3LRq/bY+OmoQ1rjk2D0jB65+j0HXaQslFv0= =4X9X -----END PGP SIGNATURE-----