Thanks, applied as a97d9bb7df2651c015db670c3ce770afc45367d7. Michael
[sent from post-receive hook] On Fri, 12 Dec 2025 15:52:07 +0100, Christian Melki <[email protected]> wrote: > Security fix. > https://sourceforge.net/p/libpng/code/ci/libpng16/tree/CHANGES > > Plugs CVE: > CVE-2025-66293 - Out-of-bounds read in `png_image_read_composite`. > > Signed-off-by: Christian Melki <[email protected]> > Message-Id: <[email protected]> > Signed-off-by: Michael Olbrich <[email protected]> > > diff --git a/rules/libpng.make b/rules/libpng.make > index 86eed1ae5891..d7fed2054256 100644 > --- a/rules/libpng.make > +++ b/rules/libpng.make > @@ -16,8 +16,8 @@ PACKAGES-$(PTXCONF_LIBPNG) += libpng > # > # Paths and names > # > -LIBPNG_VERSION := 1.6.51 > -LIBPNG_MD5 := 8781d5eb8285ac70100b75a1d2a5fc5e > +LIBPNG_VERSION := 1.6.52 > +LIBPNG_MD5 := a496982a92ec964e7ca7be4580ee466f > LIBPNG := libpng-$(LIBPNG_VERSION) > LIBPNG_SUFFIX := tar.xz > LIBPNG_URL := $(call ptx/mirror, SF, libpng/$(LIBPNG).$(LIBPNG_SUFFIX))
