Re: security update for libpng1.6

To: Tobias Frost <tobi@debian.org>
Cc: team@security.debian.org, libpng1.6@packages.debian.org, Debian LTS <debian-lts@lists.debian.org>
Subject: Re: security update for libpng1.6
From: Salvatore Bonaccorso <carnil@debian.org>
Date: Thu, 4 Dec 2025 07:28:53 +0100
Message-id: <[🔎] aTEqJUz_AvJuKJxM@eldamar.lan>
Mail-followup-to: Tobias Frost <tobi@debian.org>, team@security.debian.org, libpng1.6@packages.debian.org, Debian LTS <debian-lts@lists.debian.org>
In-reply-to: <[🔎] aTEZjC0n5p2BMXw3@isildor2.loewenhoehle.ip>
References: <aSMmcaZiryjRxWtL@isildor2.loewenhoehle.ip> <aSMwuZ48lEtT3lj9@eldamar.lan> <aSYOWUP3ueoCRGUT@isildor2.loewenhoehle.ip> <aSmiCjhBzsyQpiIs@eldamar.lan> <aSyCiWVFUL70S_xD@isildor2.loewenhoehle.ip> <aSyeijvzJflQYszr@eldamar.lan> <[🔎] aTEZjC0n5p2BMXw3@isildor2.loewenhoehle.ip>

Hi Tobi,

On Thu, Dec 04, 2025 at 06:18:04AM +0100, Tobias Frost wrote:
> Hi security team
> 
> #1121877 has been reported, CVE-2025-66293. [1]
> I'm looking at it right now for unstable, please advice whether you'd
> like to amend the pending upload with a fix for this vulnerability as
> well. Holding LTS/ELTS (which are ready too without the newly discovered
> CVE, plan to add the patch for those as well) until I've get your
> feedback.

Yes please. I will reject the current one on security-master so that
we can include the patch and reuse the same version. But let's fix it
first in unstable.

Thanks for the headsup, we were on X-Debbugs-CC so added it already as
well to the tracker.

Regards,
Salvatore

Reply to:

Follow-Ups:
- Re: security update for libpng1.6
  - From: Tobias Frost <tobi@debian.org>

References:
- Re: security update for libpng1.6
  - From: Tobias Frost <tobi@debian.org>

Prev by Date: Re: security update for libpng1.6
Next by Date: Re: security update for libpng1.6
Previous by thread: Re: security update for libpng1.6
Next by thread: Re: security update for libpng1.6
Index(es):
- Date
- Thread