]> git.ipfire.org Git - thirdparty/openembedded/openembedded-core.git/commit
projects / thirdparty / openembedded / openembedded-core.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: c52c5e8) | patch
libpng: upgrade 1.6.51 -> 1.6.52
authorPeter Marko <peter.marko@siemens.com>
Sat, 6 Dec 2025 20:48:24 +0000 (21:48 +0100)
committerRichard Purdie <richard.purdie@linuxfoundation.org>
Mon, 22 Dec 2025 17:54:58 +0000 (17:54 +0000)
commit424c8aba2a52f464b2a652f56770437bdd08bf9e
tree3514a54da6c230d50a5931e8130dcdfbf14ed585tree | snapshot
parentc52c5e88626968b08510818f09829f2e1c9f94aecommit | diff
libpng: upgrade 1.6.51 -> 1.6.52

Handles CVE-2025-66293

>From Release Notes [1]:
  Fixed CVE-2025-66293 (high severity):
    Out-of-bounds read in `png_image_read_composite`.
    (Reported by flyfish101 <flyfish101@users.noreply.github.com>.)
  Fixed the Paeth filter handling in the RISC-V RVV implementation.
    (Reported by Filip Wasil; fixed by Liang Junzhao.)
  Improved the performance of the RISC-V RVV implementation.
    (Contributed by Liang Junzhao.)
  Added allocation failure fuzzing to oss-fuzz.
    (Contributed by Philippe Antoine.)

[1] https://github.com/pnggroup/libpng/blob/v1.6.52/CHANGES#L6307-L6316

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
meta/recipes-multimedia/libpng/libpng_1.6.52.bb [moved from meta/recipes-multimedia/libpng/libpng_1.6.51.bb with 97% similarity] diff | blob | blame | history
Mirror of git://git.openembedded.org/openembedded-core