Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package libpng16 for openSUSE:Factory checked in at 2025-11-28 16:50:40
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/libpng16 (Old)
 and /work/SRC/openSUSE:Factory/.libpng16.new.14147 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "libpng16" Fri Nov 28 16:50:40 2025 rev:59 rq:1320338 version:1.6.51 Changes: -------- --- /work/SRC/openSUSE:Factory/libpng16/libpng16.changes 2025-08-06 14:31:23.779273283 +0200 +++ /work/SRC/openSUSE:Factory/.libpng16.new.14147/libpng16.changes 2025-11-28 16:50:57.317290996 +0100 
@@ -1,0 +2,30 @@ +Thu Nov 27 11:16:08 UTC 2025 - [email protected] + +- version update to 1.6.51 + * Fixed CVE-2025-64505 (moderate severity): + Heap buffer overflow in `png_do_quantize` via malformed palette index. + (Reported by Samsung; analyzed by Fabio Gritti.) + * Fixed CVE-2025-64506 (moderate severity): + Heap buffer over-read in `png_write_image_8bit` with 8-bit input and + `convert_to_8bit` enabled. + (Reported by Samsung and <[email protected]>; + analyzed by Fabio Gritti.) + * Fixed CVE-2025-64720 (high severity): + Buffer overflow in `png_image_read_composite` via incorrect palette + premultiplication. + (Reported by Samsung; analyzed by John Bowler.) + * Fixed CVE-2025-65018 (high severity): + Heap buffer overflow in `png_combine_row` triggered via + `png_image_finish_read`. + (Reported by <[email protected]>.) + * Fixed a memory leak in `png_set_quantize`. + (Reported by Samsung; analyzed by Fabio Gritti.) + * Removed the experimental and incomplete ERROR_NUMBERS code. + (Contributed by Tobias Stoeckmann.) + * Improved the RISC-V vector extension support; required RVV 1.0 or newer. + (Contributed by Filip Wasil.) + * Added GitHub Actions workflows for automated testing. + * Performed various refactorings and cleanups. +- fixes [bsc#1254157] [bsc#1254158] [bsc#1254159] [bsc#1254160] + +------------------------------------------------------------------- Old: ---- libpng-1.6.50.tar.xz New: ---- libpng-1.6.51.tar.xz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ libpng16.spec ++++++ --- /var/tmp/diff_new_pack.nrfStj/_old 2025-11-28 16:50:58.781352645 +0100 +++ /var/tmp/diff_new_pack.nrfStj/_new 2025-11-28 16:50:58.793353151 +0100 
@@ -20,7 +20,7 @@ %define asan_build 0 %define major 1 %define minor 6 -%define micro 50 +%define micro 51 %define branch %{major}%{minor} %define libname libpng%{branch}-%{branch} %define debug_package_requires %{libname} = %{version}-%{release} ++++++ libpng-1.6.50.tar.xz -> libpng-1.6.51.tar.xz ++++++ ++++ 1977 lines of diff (skipped)
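Review bot: in the libpng16.changes hunk, the closing "fixes [bsc#1254157] [bsc#1254158] [bsc#1254159] [bsc#1254160]" line gives four bug ids without saying which of the four CVEs listed above each one belongs to. Put each bsc reference on its matching CVE bullet, or list them as CVE/bsc pairs, so that someone tracking a single CVE can find its bug without opening all four.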
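Review bot: in the libpng16.spec hunk, "%define asan_build 0" stays as context while "micro" goes from 50 to 51, and the 1977-line tarball diff is skipped, so nothing visible here shows the four memory-safety fixes from the changelog being exercised. Please say in the request whether the package's test suite was run once with asan_build set to 1 against 1.6.51. The Old/New list also shows only the .tar.xz changing, so note how the new tarball was checked against the upstream release.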
