Unrated severityOSV Advisory· Published Feb 4, 2019· Updated Aug 4, 2024

CVE-2019-7317

Description

png_image_free in png.c in libpng 1.6.x before 1.6.37 has a use-after-free because png_image_free_function is called under png_safe_execute.

Affected products

174

Oracle Corporation/MySQLOSV
Range: libpng-1.6.10-signed, libpng-1.6.11-signed, libpng-1.6.12-signed, …
osv-coords173 versions
pkg:apk/chainguard/firefox pkg:apk/chainguard/firefox-esr pkg:apk/chainguard/mysql-8.0 pkg:apk/chainguard/mysql-8.0-bitnami-compat pkg:apk/chainguard/mysql-8.0-client pkg:apk/chainguard/mysql-8.0-dev pkg:apk/chainguard/mysql-8.0-iamguarded-compat pkg:apk/chainguard/mysql-8.0-oci-entrypoint pkg:apk/chainguard/mysql-8.0-oci-entrypoint-compat pkg:apk/chainguard/openjdk-11-openj9 pkg:apk/chainguard/openjdk-11-openj9-dbg pkg:apk/chainguard/openjdk-11-openj9-default-jdk pkg:apk/chainguard/openjdk-11-openj9-default-jvm pkg:apk/chainguard/openjdk-11-openj9-default-policy pkg:apk/chainguard/openjdk-11-openj9-doc pkg:apk/chainguard/openjdk-11-openj9-jmods pkg:apk/chainguard/openjdk-11-openj9-jre pkg:apk/chainguard/openjdk-17-openj9 pkg:apk/chainguard/openjdk-17-openj9-dbg pkg:apk/chainguard/openjdk-17-openj9-default-jdk pkg:apk/chainguard/openjdk-17-openj9-default-jvm pkg:apk/chainguard/openjdk-17-openj9-default-policy pkg:apk/chainguard/openjdk-17-openj9-doc pkg:apk/chainguard/openjdk-17-openj9-jmods pkg:apk/chainguard/openjdk-17-openj9-jre pkg:apk/chainguard/openjdk-21-openj9 pkg:apk/chainguard/openjdk-21-openj9-dbg pkg:apk/chainguard/openjdk-21-openj9-default-jdk pkg:apk/chainguard/openjdk-21-openj9-default-jvm pkg:apk/chainguard/openjdk-21-openj9-default-policy pkg:apk/chainguard/openjdk-21-openj9-doc pkg:apk/chainguard/openjdk-21-openj9-jmods pkg:apk/chainguard/openjdk-21-openj9-jre pkg:apk/chainguard/openjdk-8-openj9 pkg:apk/chainguard/openjdk-8-openj9-dbg pkg:apk/chainguard/openjdk-8-openj9-default-jdk pkg:apk/chainguard/openjdk-8-openj9-default-jvm pkg:apk/chainguard/openjdk-8-openj9-doc pkg:apk/chainguard/openjdk-8-openj9-jre pkg:apk/chainguard/openjdk-9 pkg:apk/chainguard/openjdk-9-default-jdk pkg:apk/chainguard/openjdk-9-default-jvm pkg:apk/chainguard/openjdk-9-demos pkg:apk/chainguard/openjdk-9-doc pkg:apk/chainguard/openjdk-9-jmods pkg:apk/chainguard/openjdk-9-jre pkg:apk/chainguard/openjdk-9-jre-base pkg:apk/wolfi/firefox pkg:apk/wolfi/openjdk-9 pkg:apk/wolfi/openjdk-9-default-jdk pkg:apk/wolfi/openjdk-9-default-jvm pkg:apk/wolfi/openjdk-9-demos pkg:apk/wolfi/openjdk-9-doc pkg:apk/wolfi/openjdk-9-jmods pkg:apk/wolfi/openjdk-9-jre pkg:apk/wolfi/openjdk-9-jre-base pkg:rpm/opensuse/firefox-esr&distro=openSUSE%20Tumbleweed pkg:rpm/opensuse/java-11-openjdk&distro=openSUSE%20Leap%2015.0 pkg:rpm/opensuse/java-11-openjdk&distro=openSUSE%20Leap%2015.1 pkg:rpm/opensuse/java-11-openjdk&distro=openSUSE%20Tumbleweed pkg:rpm/opensuse/java-13-openjdk&distro=openSUSE%20Tumbleweed pkg:rpm/opensuse/java-1_8_0-openjdk&distro=openSUSE%20Leap%2015.0 pkg:rpm/opensuse/java-1_8_0-openjdk&distro=openSUSE%20Leap%2015.1 pkg:rpm/opensuse/java-1_8_0-openjdk&distro=openSUSE%20Tumbleweed pkg:rpm/opensuse/libpng16&distro=openSUSE%20Leap%2015.0 pkg:rpm/opensuse/libpng16&distro=openSUSE%20Leap%2015.1 pkg:rpm/opensuse/libpng16&distro=openSUSE%20Tumbleweed pkg:rpm/opensuse/MozillaFirefox&distro=openSUSE%20Leap%2015.0 pkg:rpm/opensuse/MozillaFirefox&distro=openSUSE%20Tumbleweed pkg:rpm/opensuse/MozillaThunderbird&distro=openSUSE%20Tumbleweed pkg:rpm/suse/java-11-openjdk&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015 pkg:rpm/suse/java-11-openjdk&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP1 pkg:rpm/suse/java-1_7_0-ibm&distro=SUSE%20Linux%20Enterprise%20Point%20of%20Sale%2011%20SP3 pkg:rpm/suse/java-1_7_0-openjdk&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP4 pkg:rpm/suse/java-1_7_0-openjdk&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4 pkg:rpm/suse/java-1_7_0-openjdk&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4 pkg:rpm/suse/java-1_7_1-ibm&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/java-1_7_1-ibm&distro=SUSE%20Enterprise%20Storage%204 pkg:rpm/suse/java-1_7_1-ibm&distro=SUSE%20Enterprise%20Storage%205 pkg:rpm/suse/java-1_7_1-ibm&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4-LTSS pkg:rpm/suse/java-1_7_1-ibm&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP1-LTSS pkg:rpm/suse/java-1_7_1-ibm&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-BCL pkg:rpm/suse/java-1_7_1-ibm&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-LTSS pkg:rpm/suse/java-1_7_1-ibm&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3-BCL pkg:rpm/suse/java-1_7_1-ibm&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3-LTSS pkg:rpm/suse/java-1_7_1-ibm&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4 pkg:rpm/suse/java-1_7_1-ibm&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5 pkg:rpm/suse/java-1_7_1-ibm&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP1 pkg:rpm/suse/java-1_7_1-ibm&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP2 pkg:rpm/suse/java-1_7_1-ibm&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3 pkg:rpm/suse/java-1_7_1-ibm&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4 pkg:rpm/suse/java-1_7_1-ibm&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5 pkg:rpm/suse/java-1_7_1-ibm&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP4 pkg:rpm/suse/java-1_7_1-ibm&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5 pkg:rpm/suse/java-1_7_1-ibm&distro=SUSE%20OpenStack%20Cloud%207 pkg:rpm/suse/java-1_7_1-ibm&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/java-1_7_1-ibm&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208 pkg:rpm/suse/java-1_8_0-ibm&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/java-1_8_0-ibm&distro=SUSE%20Enterprise%20Storage%204 pkg:rpm/suse/java-1_8_0-ibm&distro=SUSE%20Enterprise%20Storage%205 pkg:rpm/suse/java-1_8_0-ibm&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Legacy%2015 pkg:rpm/suse/java-1_8_0-ibm&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Legacy%2015%20SP1 pkg:rpm/suse/java-1_8_0-ibm&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP1-LTSS pkg:rpm/suse/java-1_8_0-ibm&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-BCL pkg:rpm/suse/java-1_8_0-ibm&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-LTSS pkg:rpm/suse/java-1_8_0-ibm&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3-BCL pkg:rpm/suse/java-1_8_0-ibm&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3-LTSS pkg:rpm/suse/java-1_8_0-ibm&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4 pkg:rpm/suse/java-1_8_0-ibm&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5 pkg:rpm/suse/java-1_8_0-ibm&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP1 pkg:rpm/suse/java-1_8_0-ibm&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP2 pkg:rpm/suse/java-1_8_0-ibm&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3 pkg:rpm/suse/java-1_8_0-ibm&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4 pkg:rpm/suse/java-1_8_0-ibm&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5 pkg:rpm/suse/java-1_8_0-ibm&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP4 pkg:rpm/suse/java-1_8_0-ibm&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5 pkg:rpm/suse/java-1_8_0-ibm&distro=SUSE%20OpenStack%20Cloud%207 pkg:rpm/suse/java-1_8_0-ibm&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/java-1_8_0-ibm&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208 pkg:rpm/suse/java-1_8_0-openjdk&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/java-1_8_0-openjdk&distro=SUSE%20Enterprise%20Storage%204 pkg:rpm/suse/java-1_8_0-openjdk&distro=SUSE%20Enterprise%20Storage%205 pkg:rpm/suse/java-1_8_0-openjdk&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP4 pkg:rpm/suse/java-1_8_0-openjdk&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Legacy%2015 pkg:rpm/suse/java-1_8_0-openjdk&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Legacy%2015%20SP1 pkg:rpm/suse/java-1_8_0-openjdk&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015 pkg:rpm/suse/java-1_8_0-openjdk&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP1-LTSS pkg:rpm/suse/java-1_8_0-openjdk&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-BCL pkg:rpm/suse/java-1_8_0-openjdk&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-LTSS pkg:rpm/suse/java-1_8_0-openjdk&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3-BCL pkg:rpm/suse/java-1_8_0-openjdk&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3-LTSS pkg:rpm/suse/java-1_8_0-openjdk&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4 pkg:rpm/suse/java-1_8_0-openjdk&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP1 pkg:rpm/suse/java-1_8_0-openjdk&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP2 pkg:rpm/suse/java-1_8_0-openjdk&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3 pkg:rpm/suse/java-1_8_0-openjdk&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4 pkg:rpm/suse/java-1_8_0-openjdk&distro=SUSE%20OpenStack%20Cloud%207 pkg:rpm/suse/java-1_8_0-openjdk&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/java-1_8_0-openjdk&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208 pkg:rpm/suse/libpng16&distro=SUSE%20Enterprise%20Storage%205 pkg:rpm/suse/libpng16&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015 pkg:rpm/suse/libpng16&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP1 pkg:rpm/suse/libpng16&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP1-LTSS pkg:rpm/suse/libpng16&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-BCL pkg:rpm/suse/libpng16&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-LTSS pkg:rpm/suse/libpng16&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3-BCL pkg:rpm/suse/libpng16&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3-LTSS pkg:rpm/suse/libpng16&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP1 pkg:rpm/suse/libpng16&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP2 pkg:rpm/suse/libpng16&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3 pkg:rpm/suse/libpng16&distro=SUSE%20OpenStack%20Cloud%207 pkg:rpm/suse/libpng16&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Enterprise%20Storage%204 pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP3 pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP4 pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015 pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015%20SP1 pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP1-LTSS pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-BCL pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-LTSS pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3 pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4 pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%2012-LTSS pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP1 pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP2 pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3 pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4 pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP3 pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP4 pkg:rpm/suse/MozillaFirefox&distro=SUSE%20OpenStack%20Cloud%207 pkg:rpm/suse/MozillaThunderbird&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2015 pkg:rpm/suse/MozillaThunderbird&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2015%20SP1 pkg:rpm/suse/MozillaThunderbird&distro=SUSE%20Package%20Hub%2012
< 0+ 172 more
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 8.0.38-r0
- (no CPE)range: < 8.0.38-r0
- (no CPE)range: < 8.0.38-r0
- (no CPE)range: < 8.0.38-r0
- (no CPE)range: < 8.0.38-r0
- (no CPE)range: < 8.0.38-r0
- (no CPE)range: < 8.0.38-r0
- (no CPE)range: < 0.53.0-r0
- (no CPE)range: < 0.53.0-r0
- (no CPE)range: < 0.53.0-r0
- (no CPE)range: < 0.53.0-r0
- (no CPE)range: < 0.53.0-r0
- (no CPE)range: < 0.53.0-r0
- (no CPE)range: < 0.53.0-r0
- (no CPE)range: < 0.53.0-r0
- (no CPE)range: < 0.53.0-r0
- (no CPE)range: < 0.53.0-r0
- (no CPE)range: < 0.53.0-r0
- (no CPE)range: < 0.53.0-r0
- (no CPE)range: < 0.53.0-r0
- (no CPE)range: < 0.53.0-r0
- (no CPE)range: < 0.53.0-r0
- (no CPE)range: < 0.53.0-r0
- (no CPE)range: < 0.48.0-r2
- (no CPE)range: < 0.48.0-r2
- (no CPE)range: < 0.48.0-r2
- (no CPE)range: < 0.48.0-r2
- (no CPE)range: < 0.48.0-r2
- (no CPE)range: < 0.48.0-r2
- (no CPE)range: < 0.48.0-r2
- (no CPE)range: < 0.48.0-r2
- (no CPE)range: < 0.53.0-r1
- (no CPE)range: < 0.53.0-r1
- (no CPE)range: < 0.53.0-r1
- (no CPE)range: < 0.53.0-r1
- (no CPE)range: < 0.53.0-r1
- (no CPE)range: < 0.53.0-r1
- (no CPE)range: < 9.0.4-r5
- (no CPE)range: < 9.0.4-r5
- (no CPE)range: < 9.0.4-r5
- (no CPE)range: < 9.0.4-r5
- (no CPE)range: < 9.0.4-r5
- (no CPE)range: < 9.0.4-r5
- (no CPE)range: < 9.0.4-r5
- (no CPE)range: < 9.0.4-r5
- (no CPE)range: < 0
- (no CPE)range: < 9.0.4-r5
- (no CPE)range: < 9.0.4-r5
- (no CPE)range: < 9.0.4-r5
- (no CPE)range: < 9.0.4-r5
- (no CPE)range: < 9.0.4-r5
- (no CPE)range: < 9.0.4-r5
- (no CPE)range: < 9.0.4-r5
- (no CPE)range: < 9.0.4-r5
- (no CPE)range: < 128.5.1-1.1
- (no CPE)range: < 11.0.4.0-lp151.3.6.1
- (no CPE)range: < 11.0.4.0-lp151.3.6.1
- (no CPE)range: < 11.0.12.0-3.1
- (no CPE)range: < 13.0.8.0-3.1
- (no CPE)range: < 1.8.0.222-lp151.2.3.1
- (no CPE)range: < 1.8.0.222-lp151.2.3.1
- (no CPE)range: < 1.8.0.302-2.2
- (no CPE)range: < 1.6.34-lp151.3.3.1
- (no CPE)range: < 1.6.34-lp151.3.3.1
- (no CPE)range: < 1.6.37-3.3
- (no CPE)range: < 60.7.0-lp150.3.54.5
- (no CPE)range: < 92.0-1.2
- (no CPE)range: < 91.1.1-1.1
- (no CPE)range: < 11.0.4.0-3.33.1
- (no CPE)range: < 11.0.4.0-3.33.1
- (no CPE)range: < 1.7.0_sr10.50-65.42.1
- (no CPE)range: < 1.7.0.231-43.27.2
- (no CPE)range: < 1.7.0.231-43.27.2
- (no CPE)range: < 1.7.0.231-43.27.2
- (no CPE)range: < 1.7.1_sr4.50-38.41.1
- (no CPE)range: < 1.7.1_sr4.50-38.41.1
- (no CPE)range: < 1.7.1_sr4.50-38.41.1
- (no CPE)range: < 1.7.1_sr4.50-26.44.1
- (no CPE)range: < 1.7.1_sr4.50-38.41.1
- (no CPE)range: < 1.7.1_sr4.50-38.41.1
- (no CPE)range: < 1.7.1_sr4.50-38.41.1
- (no CPE)range: < 1.7.1_sr4.50-38.41.1
- (no CPE)range: < 1.7.1_sr4.50-38.41.1
- (no CPE)range: < 1.7.1_sr4.50-38.41.1
- (no CPE)range: < 1.7.1_sr4.50-38.41.1
- (no CPE)range: < 1.7.1_sr4.50-38.41.1
- (no CPE)range: < 1.7.1_sr4.50-38.41.1
- (no CPE)range: < 1.7.1_sr4.50-38.41.1
- (no CPE)range: < 1.7.1_sr4.50-38.41.1
- (no CPE)range: < 1.7.1_sr4.50-38.41.1
- (no CPE)range: < 1.7.1_sr4.50-38.41.1
- (no CPE)range: < 1.7.1_sr4.50-38.41.1
- (no CPE)range: < 1.7.1_sr4.50-38.41.1
- (no CPE)range: < 1.7.1_sr4.50-38.41.1
- (no CPE)range: < 1.7.1_sr4.50-38.41.1
- (no CPE)range: < 1.8.0_sr5.40-30.54.1
- (no CPE)range: < 1.8.0_sr5.40-30.54.1
- (no CPE)range: < 1.8.0_sr5.40-30.54.1
- (no CPE)range: < 1.8.0_sr5.40-3.24.1
- (no CPE)range: < 1.8.0_sr5.40-3.24.1
- (no CPE)range: < 1.8.0_sr5.40-30.54.1
- (no CPE)range: < 1.8.0_sr5.40-30.54.1
- (no CPE)range: < 1.8.0_sr5.40-30.54.1
- (no CPE)range: < 1.8.0_sr5.40-30.54.1
- (no CPE)range: < 1.8.0_sr5.40-30.54.1
- (no CPE)range: < 1.8.0_sr5.40-30.54.1
- (no CPE)range: < 1.8.0_sr5.40-30.54.1
- (no CPE)range: < 1.8.0_sr5.40-30.54.1
- (no CPE)range: < 1.8.0_sr5.40-30.54.1
- (no CPE)range: < 1.8.0_sr5.40-30.54.1
- (no CPE)range: < 1.8.0_sr5.40-30.54.1
- (no CPE)range: < 1.8.0_sr5.40-30.54.1
- (no CPE)range: < 1.8.0_sr5.40-30.54.1
- (no CPE)range: < 1.8.0_sr5.40-30.54.1
- (no CPE)range: < 1.8.0_sr5.40-30.54.1
- (no CPE)range: < 1.8.0_sr5.40-30.54.1
- (no CPE)range: < 1.8.0_sr5.40-30.54.1
- (no CPE)range: < 1.8.0.222-27.35.2
- (no CPE)range: < 1.8.0.222-27.35.2
- (no CPE)range: < 1.8.0.222-27.35.2
- (no CPE)range: < 1.8.0.222-27.35.2
- (no CPE)range: < 1.8.0.222-3.24.2
- (no CPE)range: < 1.8.0.222-3.24.2
- (no CPE)range: < 1.8.0.222-3.24.2
- (no CPE)range: < 1.8.0.222-27.35.2
- (no CPE)range: < 1.8.0.222-27.35.2
- (no CPE)range: < 1.8.0.222-27.35.2
- (no CPE)range: < 1.8.0.222-27.35.2
- (no CPE)range: < 1.8.0.222-27.35.2
- (no CPE)range: < 1.8.0.222-27.35.2
- (no CPE)range: < 1.8.0.222-27.35.2
- (no CPE)range: < 1.8.0.222-27.35.2
- (no CPE)range: < 1.8.0.222-27.35.2
- (no CPE)range: < 1.8.0.222-27.35.2
- (no CPE)range: < 1.8.0.222-27.35.2
- (no CPE)range: < 1.8.0.222-27.35.2
- (no CPE)range: < 1.8.0.222-27.35.2
- (no CPE)range: < 1.6.8-15.5.2
- (no CPE)range: < 1.6.34-3.9.1
- (no CPE)range: < 1.6.34-3.9.1
- (no CPE)range: < 1.6.8-15.5.2
- (no CPE)range: < 1.6.8-15.5.2
- (no CPE)range: < 1.6.8-15.5.2
- (no CPE)range: < 1.6.8-15.5.2
- (no CPE)range: < 1.6.8-15.5.2
- (no CPE)range: < 1.6.8-15.5.2
- (no CPE)range: < 1.6.8-15.5.2
- (no CPE)range: < 1.6.8-15.5.2
- (no CPE)range: < 1.6.8-15.5.2
- (no CPE)range: < 1.6.8-15.5.2
- (no CPE)range: < 60.7.0-109.72.1
- (no CPE)range: < 60.7.0-109.72.1
- (no CPE)range: < 60.7.0-109.72.1
- (no CPE)range: < 60.7.0-3.40.6
- (no CPE)range: < 60.7.0-3.40.6
- (no CPE)range: < 60.7.0-109.72.1
- (no CPE)range: < 60.7.0-109.72.1
- (no CPE)range: < 60.7.0-109.72.1
- (no CPE)range: < 60.7.0-109.72.1
- (no CPE)range: < 60.7.0-109.72.1
- (no CPE)range: < 60.7.0-109.72.1
- (no CPE)range: < 60.7.0-109.72.1
- (no CPE)range: < 60.7.0-109.72.1
- (no CPE)range: < 60.7.0-109.72.1
- (no CPE)range: < 60.7.0-109.72.1
- (no CPE)range: < 60.7.0-109.72.1
- (no CPE)range: < 60.7.0-109.72.1
- (no CPE)range: < 60.7.0-109.72.1
- (no CPE)range: < 60.7.0-3.33.2
- (no CPE)range: < 60.7.0-3.33.2
- (no CPE)range: < 60.7.2-85.1

Patches

447eb26e094b

BUG#38784394 - mysql packages failing with conflicts on FC43

https://github.com/mysql/mysql-serverApoorva VermaDec 23, 2025via osv

commit

1 file changed · +2 −0

packaging/rpm-fedora/mysql.spec.in+2 −0 modified

@@ -294,6 +294,8 @@ Obsoletes:      mysql-errmsg < %{version}-%{release}
 Obsoletes:      mysql-common < %{version}-%{release}
 Provides:       mysql-common = %{version}-%{release}
 Provides:       mysql-common%{?_isa} = %{version}-%{release}
+Provides:       user(mysql)
+Provides:       group(mysql)
 Obsoletes:      mysql8.4-common < %{version}-%{release}
 Obsoletes:      mysql8.4-errmsg < %{version}-%{release}

7ed30a748964

https://github.com/mysql/mysql-servermysql-builder@oracle.comDec 15, 2020via osv

commit

a40189cf881e

Release libpng version 1.6.37

https://github.com/pnggroup/libpngCosmin TrutaApr 14, 2019via osv

commit

19 files changed · +95 −123

ANNOUNCE+18 −56 modified

@@ -1,13 +1,5 @@
-libpng 1.6.37.git
-=================
-
-This is a development version, not intended to be a public release.
-It will be replaced by a public release, or by another development
-version, at a later time.
-
-
-libpng 1.6.36 - December 1, 2018
-================================
+libpng 1.6.37 - April 14, 2019
+==============================
 
 This is a public release of libpng, intended for use in production code.
 
@@ -17,13 +9,13 @@ Files available for download
 
 Source files with LF line endings (for Unix/Linux):
 
- * libpng-1.6.36.tar.xz (LZMA-compressed, recommended)
- * libpng-1.6.36.tar.gz
+ * libpng-1.6.37.tar.xz (LZMA-compressed, recommended)
+ * libpng-1.6.37.tar.gz
 
 Source files with CRLF line endings (for Windows):
 
- * lp1636.7z (LZMA-compressed, recommended)
- * lp1636.zip
+ * lp1637.7z (LZMA-compressed, recommended)
+ * lp1637.zip
 
 Other information:
 
@@ -33,50 +25,20 @@ Other information:
  * TRADEMARK.md
 
 
-IMPORTANT licensing update: libpng license v2
----------------------------------------------
-
-The new libpng license comprises the terms and conditions from the zlib
-license, and the disclaimer from the Boost license.
-
-The legacy libpng license, used until libpng-1.6.35, is appended to the
-new license, following the precedent established in the Python Software
-Foundation License version 2.
-
-From now on, the list of contributing authors shall be maintained in a
-separate AUTHORS file.  The lists of previous contributing authors,
-mentioned in the legacy libpng license and considered to be an integral
-part of that license, are kept intact, with no further updates.
-
-
-Changes since the previous public release (version 1.6.35)
+Changes since the previous public release (version 1.6.36)
 ----------------------------------------------------------
 
- * Optimized png_do_expand_palette for ARM processors.
-   Improved performance by around 10-22% on a recent ARM Chromebook.
-   (Contributed by Richard Townsend, ARM Holdings)
- * Fixed manipulation of machine-specific optimization options.
-   (Contributed by Vicki Pfau)
- * Used memcpy instead of manual pointer arithmetic on Intel SSE2.
-   (Contributed by Samuel Williams)
- * Fixed build errors with MSVC on ARM64.
-   (Contributed by Zhijie Liang)
- * Fixed detection of libm in CMakeLists.
-   (Contributed by Cameron Cawley)
- * Fixed incorrect creation of pkg-config file in CMakeLists.
-   (Contributed by Kyle Bentley)
- * Fixed the CMake build on Windows MSYS by avoiding symlinks.
- * Fixed a build warning on OpenBSD.
-   (Contributed by Theo Buehler)
- * Fixed various typos in comments.
-   (Contributed by "luz.paz")
- * Raised the minimum required CMake version from 3.0.2 to 3.1.
- * Removed yet more of the vestigial support for pre-ANSI C compilers.
- * Removed ancient makefiles for ancient systems that have been broken
-   across all previous libpng-1.6.x versions.
- * Removed the Y2K compliance statement and the export control
-   information.
- * Applied various code style and documentation fixes.
+ * Fixed a use-after-free vulnerability (CVE-2019-7317) in png_image_free.
+ * Fixed a memory leak in the ARM NEON implementation of png_do_expand_palette.
+ * Fixed a memory leak in pngtest.c.
+ * Fixed two vulnerabilities (CVE-2018-14048, CVE-2018-14550) in
+   contrib/pngminus; refactor.
+ * Changed the license of contrib/pngminus to MIT; refresh makefile and docs.
+   (Contributed by Willem van Schaik)
+ * Fixed a typo in the libpng license v2.
+   (Contributed by Miguel Ojeda)
+ * Added makefiles for AddressSanitizer-enabled builds.
+ * Cleaned up various makefiles.
 
 
 Send comments/corrections/commendations to png-mng-implement at lists.sf.net.

CHANGES+26 −15 modified

@@ -6066,33 +6066,44 @@ Version 1.6.35 [July 15, 2018]
 Version 1.6.36 [December 1, 2018]
   Optimized png_do_expand_palette for ARM processors.
   Improved performance by around 10-22% on a recent ARM Chromebook.
-  (Contributed by Richard Townsend, ARM Holdings)
+    (Contributed by Richard Townsend, ARM Holdings)
   Fixed manipulation of machine-specific optimization options.
-  (Contributed by Vicki Pfau)
+    (Contributed by Vicki Pfau)
   Used memcpy instead of manual pointer arithmetic on Intel SSE2.
-  (Contributed by Samuel Williams)
+    (Contributed by Samuel Williams)
   Fixed build errors with MSVC on ARM64.
-  (Contributed by Zhijie Liang)
+    (Contributed by Zhijie Liang)
   Fixed detection of libm in CMakeLists.
-  (Contributed by Cameron Cawley)
+    (Contributed by Cameron Cawley)
   Fixed incorrect creation of pkg-config file in CMakeLists.
-  (Contributed by Kyle Bentley)
+    (Contributed by Kyle Bentley)
   Fixed the CMake build on Windows MSYS by avoiding symlinks.
   Fixed a build warning on OpenBSD.
-  (Contributed by Theo Buehler)
+    (Contributed by Theo Buehler)
   Fixed various typos in comments.
-  (Contributed by "luz.paz")
+    (Contributed by "luz.paz")
   Raised the minimum required CMake version from 3.0.2 to 3.1.
   Removed yet more of the vestigial support for pre-ANSI C compilers.
   Removed ancient makefiles for ancient systems that have been broken
-  across all previous libpng-1.6.x versions.
+    across all previous libpng-1.6.x versions.
   Removed the Y2K compliance statement and the export control
-  information.
+    information.
   Applied various code style and documentation fixes.
 
-Version 1.6.37 [TODO]
-
-Send comments/corrections/commendations to png-mng-implement at lists.sf.net
-(subscription required; visit
+Version 1.6.37 [April 14, 2019]
+  Fixed a use-after-free vulnerability (CVE-2019-7317) in png_image_free.
+  Fixed a memory leak in the ARM NEON implementation of png_do_expand_palette.
+  Fixed a memory leak in pngtest.c.
+  Fixed two vulnerabilities (CVE-2018-14048, CVE-2018-14550) in
+    contrib/pngminus; refactor.
+  Changed the license of contrib/pngminus to MIT; refresh makefile and docs.
+    (Contributed by Willem van Schaik)
+  Fixed a typo in the libpng license v2.
+    (Contributed by Miguel Ojeda)
+  Added makefiles for AddressSanitizer-enabled builds.
+  Cleaned up various makefiles.
+
+Send comments/corrections/commendations to png-mng-implement at lists.sf.net.
+Subscription is required; visit
 https://lists.sourceforge.net/lists/listinfo/png-mng-implement
-to subscribe).
+to subscribe.

CMakeLists.txt+1 −1 modified

@@ -838,7 +838,7 @@ endif()
 # SET UP LINKS
 if(PNG_SHARED)
   set_target_properties(png PROPERTIES
-#   VERSION 16.${PNGLIB_RELEASE}.1.6.37.git
+#   VERSION 16.${PNGLIB_RELEASE}.1.6.37
     VERSION 16.${PNGLIB_RELEASE}.0
     SOVERSION 16
     CLEAN_DIRECT_OUTPUT 1)

configure+11 −11 modified

@@ -1,6 +1,6 @@
 #! /bin/sh
 # Guess values for system-dependent variables and create Makefiles.
-# Generated by GNU Autoconf 2.69 for libpng 1.6.37.git.
+# Generated by GNU Autoconf 2.69 for libpng 1.6.37.
 #
 # Report bugs to <png-mng-implement@lists.sourceforge.net>.
 #
@@ -590,8 +590,8 @@ MAKEFLAGS=
 # Identity of this package.
 PACKAGE_NAME='libpng'
 PACKAGE_TARNAME='libpng'
-PACKAGE_VERSION='1.6.37.git'
-PACKAGE_STRING='libpng 1.6.37.git'
+PACKAGE_VERSION='1.6.37'
+PACKAGE_STRING='libpng 1.6.37'
 PACKAGE_BUGREPORT='png-mng-implement@lists.sourceforge.net'
 PACKAGE_URL=''
 
@@ -1372,7 +1372,7 @@ if test "$ac_init_help" = "long"; then
   # Omit some internal or obsolete options to make the list less imposing.
   # This message is too long to be a string in the A/UX 3.1 sh.
   cat <<_ACEOF
-\`configure' configures libpng 1.6.37.git to adapt to many kinds of systems.
+\`configure' configures libpng 1.6.37 to adapt to many kinds of systems.
 
 Usage: $0 [OPTION]... [VAR=VALUE]...
 
@@ -1442,7 +1442,7 @@ fi
 
 if test -n "$ac_init_help"; then
   case $ac_init_help in
-     short | recursive ) echo "Configuration of libpng 1.6.37.git:";;
+     short | recursive ) echo "Configuration of libpng 1.6.37:";;
    esac
   cat <<\_ACEOF
 
@@ -1622,7 +1622,7 @@ fi
 test -n "$ac_init_help" && exit $ac_status
 if $ac_init_version; then
   cat <<\_ACEOF
-libpng configure 1.6.37.git
+libpng configure 1.6.37
 generated by GNU Autoconf 2.69
 
 Copyright (C) 2012 Free Software Foundation, Inc.
@@ -1954,7 +1954,7 @@ cat >config.log <<_ACEOF
 This file contains any messages produced by compilers while
 running configure, to aid debugging if configure makes a mistake.
 
-It was created by libpng $as_me 1.6.37.git, which was
+It was created by libpng $as_me 1.6.37, which was
 generated by GNU Autoconf 2.69.  Invocation command line was
 
   $ $0 $@
@@ -2825,7 +2825,7 @@ fi
 
 # Define the identity of the package.
  PACKAGE='libpng'
- VERSION='1.6.37.git'
+ VERSION='1.6.37'
 
 
 cat >>confdefs.h <<_ACEOF
@@ -2946,7 +2946,7 @@ fi
 
 
 
-PNGLIB_VERSION=1.6.37.git
+PNGLIB_VERSION=1.6.37
 PNGLIB_MAJOR=1
 PNGLIB_MINOR=6
 PNGLIB_RELEASE=37
@@ -14354,7 +14354,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
 # report actual input values of CONFIG_FILES etc. instead of their
 # values after options handling.
 ac_log="
-This file was extended by libpng $as_me 1.6.37.git, which was
+This file was extended by libpng $as_me 1.6.37, which was
 generated by GNU Autoconf 2.69.  Invocation command line was
 
   CONFIG_FILES    = $CONFIG_FILES
@@ -14420,7 +14420,7 @@ _ACEOF
 cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"
 ac_cs_version="\\
-libpng config.status 1.6.37.git
+libpng config.status 1.6.37
 configured by $0, generated by GNU Autoconf 2.69,
   with options \\"\$ac_cs_config\\"

configure.ac+2 −2 modified

@@ -25,7 +25,7 @@ AC_PREREQ([2.68])
 
 dnl Version number stuff here:
 
-AC_INIT([libpng],[1.6.37.git],[png-mng-implement@lists.sourceforge.net])
+AC_INIT([libpng],[1.6.37],[png-mng-implement@lists.sourceforge.net])
 AC_CONFIG_MACRO_DIR([scripts])
 
 # libpng does not follow GNU file name conventions (hence 'foreign')
@@ -46,7 +46,7 @@ dnl automake, so the following is not necessary (and is not defined anyway):
 dnl AM_PREREQ([1.11.2])
 dnl stop configure from automagically running automake
 
-PNGLIB_VERSION=1.6.37.git
+PNGLIB_VERSION=1.6.37
 PNGLIB_MAJOR=1
 PNGLIB_MINOR=6
 PNGLIB_RELEASE=37

libpng.3+6 −8 modified

@@ -1,6 +1,6 @@
-.TH LIBPNG 3 "December 1, 2018"
+.TH LIBPNG 3 "April 14, 2019"
 .SH NAME
-libpng \- Portable Network Graphics (PNG) Reference Library 1.6.36
+libpng \- Portable Network Graphics (PNG) Reference Library 1.6.37
 
 .SH SYNOPSIS
 \fB#include <png.h>\fP
@@ -519,7 +519,7 @@ Following is a copy of the libpng-manual.txt file that accompanies libpng.
 .SH LIBPNG.TXT
 libpng-manual.txt - A description on how to use and modify libpng
 
- Copyright (c) 2018 Cosmin Truta
+ Copyright (c) 2018-2019 Cosmin Truta
  Copyright (c) 1998-2018 Glenn Randers-Pehrson
 
  This document is released under the libpng license.
@@ -528,11 +528,11 @@ libpng-manual.txt - A description on how to use and modify libpng
 
  Based on:
 
- libpng version 1.6.36 - December 1, 2018
+ libpng version 1.6.36, December 2018, through 1.6.37 - April 2019
  Updated and distributed by Cosmin Truta
- Copyright (c) 2018 Cosmin Truta
+ Copyright (c) 2018-2019 Cosmin Truta
 
- libpng versions 0.97, January 1998, through 1.6.35 - July 15, 2018
+ libpng versions 0.97, January 1998, through 1.6.35 - July 2018
  Updated and distributed by Glenn Randers-Pehrson
  Copyright (c) 1998-2018 Glenn Randers-Pehrson
 
@@ -6045,8 +6045,6 @@ Maintained by Cosmin Truta.
 
 Supported by the PNG development group
 .br
-png-mng-implement at lists.sf.net
-(subscription required; visit
 png-mng-implement at lists.sourceforge.net (subscription required; visit
 https://lists.sourceforge.net/lists/listinfo/png-mng-implement
 to subscribe).

libpng-manual.txt+4 −4 modified

@@ -1,6 +1,6 @@
 libpng-manual.txt - A description on how to use and modify libpng
 
- Copyright (c) 2018 Cosmin Truta
+ Copyright (c) 2018-2019 Cosmin Truta
  Copyright (c) 1998-2018 Glenn Randers-Pehrson
 
  This document is released under the libpng license.
@@ -9,11 +9,11 @@ libpng-manual.txt - A description on how to use and modify libpng
 
  Based on:
 
- libpng version 1.6.36 - December 1, 2018
+ libpng version 1.6.36, December 2018, through 1.6.37 - April 2019
  Updated and distributed by Cosmin Truta
- Copyright (c) 2018 Cosmin Truta
+ Copyright (c) 2018-2019 Cosmin Truta
 
- libpng versions 0.97, January 1998, through 1.6.35 - July 15, 2018
+ libpng versions 0.97, January 1998, through 1.6.35 - July 2018
  Updated and distributed by Glenn Randers-Pehrson
  Copyright (c) 1998-2018 Glenn Randers-Pehrson

libpngpf.3+2 −2 modified

@@ -1,6 +1,6 @@
-.TH LIBPNGPF 3 "December 1, 2018"
+.TH LIBPNGPF 3 "April 14, 2019"
 .SH NAME
-libpng \- Portable Network Graphics (PNG) Reference Library 1.6.36
+libpng \- Portable Network Graphics (PNG) Reference Library 1.6.37
 (private functions)
 
 .SH SYNOPSIS

png.5+2 −2 modified

@@ -1,4 +1,4 @@
-.TH PNG 5 "December 1, 2018"
+.TH PNG 5 "April 14, 2019"
 .SH NAME
 png \- Portable Network Graphics (PNG) format
 
@@ -60,7 +60,7 @@ Thomas Boutell and others (png-list).
 .LP
 This man page is
 .br
-Copyright (c) 2018 Cosmin Truta.
+Copyright (c) 2018-2019 Cosmin Truta.
 .br
 Copyright (c) 1998-2006 Glenn Randers-Pehrson.
 .br

png.c+2 −2 modified

@@ -14,7 +14,7 @@
 #include "pngpriv.h"
 
 /* Generate a compiler error if there is an old png.h in the search path. */
-typedef png_libpng_version_1_6_37_git Your_png_h_is_not_version_1_6_37_git;
+typedef png_libpng_version_1_6_37 Your_png_h_is_not_version_1_6_37;
 
 #ifdef __GNUC__
 /* The version tests may need to be added to, but the problem warning has
@@ -815,7 +815,7 @@ png_get_copyright(png_const_structrp png_ptr)
    return PNG_STRING_COPYRIGHT
 #else
    return PNG_STRING_NEWLINE \
-      "libpng version 1.6.37.git" PNG_STRING_NEWLINE \
+      "libpng version 1.6.37" PNG_STRING_NEWLINE \
       "Copyright (c) 2018-2019 Cosmin Truta" PNG_STRING_NEWLINE \
       "Copyright (c) 1998-2002,2004,2006-2018 Glenn Randers-Pehrson" \
       PNG_STRING_NEWLINE \

pngconf.h+3 −3 modified

@@ -1,9 +1,9 @@
 
-/* pngconf.h - machine configurable file for libpng
+/* pngconf.h - machine-configurable file for libpng
  *
- * libpng version 1.6.37.git
+ * libpng version 1.6.37
  *
- * Copyright (c) 2018 Cosmin Truta
+ * Copyright (c) 2018-2019 Cosmin Truta
  * Copyright (c) 1998-2002,2004,2006-2016,2018 Glenn Randers-Pehrson
  * Copyright (c) 1996-1997 Andreas Dilger
  * Copyright (c) 1995-1996 Guy Eric Schalnat, Group 42, Inc.

png.h+10 −9 modified

@@ -1,7 +1,7 @@
 
 /* png.h - header file for PNG reference library
  *
- * libpng version 1.6.37.git
+ * libpng version 1.6.37 - April 14, 2019
  *
  * Copyright (c) 2018-2019 Cosmin Truta
  * Copyright (c) 1998-2002,2004,2006-2018 Glenn Randers-Pehrson
@@ -14,8 +14,9 @@
  *   libpng versions 0.71, May 1995, through 0.88, January 1996: Guy Schalnat
  *   libpng versions 0.89, June 1996, through 0.96, May 1997: Andreas Dilger
  *   libpng versions 0.97, January 1998, through 1.6.35, July 2018:
- *     Glenn Randers-Pehrson.
- *   libpng version 1.6.36, December 1, 2018: Cosmin Truta
+ *     Glenn Randers-Pehrson
+ *   libpng versions 1.6.36, December 2018, through 1.6.37, April 2019:
+ *     Cosmin Truta
  *   See also "Contributing Authors", below.
  */
 
@@ -238,7 +239,7 @@
  *    ...
  *    1.5.30                  15    10530  15.so.15.30[.0]
  *    ...
- *    1.6.36                  16    10636  16.so.16.36[.0]
+ *    1.6.37                  16    10637  16.so.16.37[.0]
  *
  *    Henceforth the source version will match the shared-library major and
  *    minor numbers; the shared-library major version number will be used for
@@ -277,8 +278,8 @@
  */
 
 /* Version information for png.h - this should match the version in png.c */
-#define PNG_LIBPNG_VER_STRING "1.6.37.git"
-#define PNG_HEADER_VERSION_STRING " libpng version 1.6.37.git\n"
+#define PNG_LIBPNG_VER_STRING "1.6.37"
+#define PNG_HEADER_VERSION_STRING " libpng version 1.6.37 - April 14, 2019\n"
 
 #define PNG_LIBPNG_VER_SONUM   16
 #define PNG_LIBPNG_VER_DLLNUM  16
@@ -291,7 +292,7 @@
 /* This should be zero for a public release, or non-zero for a
  * development version.  [Deprecated]
  */
-#define PNG_LIBPNG_VER_BUILD  1
+#define PNG_LIBPNG_VER_BUILD  0
 
 /* Release Status */
 #define PNG_LIBPNG_BUILD_ALPHA    1
@@ -308,7 +309,7 @@
 #define PNG_LIBPNG_BUILD_SPECIAL 32 /* Cannot be OR'ed with
                                        PNG_LIBPNG_BUILD_PRIVATE */
 
-#define PNG_LIBPNG_BUILD_BASE_TYPE PNG_LIBPNG_BUILD_BETA
+#define PNG_LIBPNG_BUILD_BASE_TYPE PNG_LIBPNG_BUILD_STABLE
 
 /* Careful here.  At one time, Guy wanted to use 082, but that
  * would be octal.  We must not include leading zeros.
@@ -427,7 +428,7 @@ extern "C" {
 /* This triggers a compiler error in png.c, if png.c and png.h
  * do not agree upon the version number.
  */
-typedef char* png_libpng_version_1_6_37_git;
+typedef char* png_libpng_version_1_6_37;
 
 /* Basic control structions.  Read libpng-manual.txt or libpng.3 for more info.
  *

pngtest.c+1 −1 modified

@@ -2155,4 +2155,4 @@ main(void)
 #endif
 
 /* Generate a compiler error if there is an old png.h in the search path. */
-typedef png_libpng_version_1_6_37_git Your_png_h_is_not_version_1_6_37_git;
+typedef png_libpng_version_1_6_37 Your_png_h_is_not_version_1_6_37;

README+2 −2 modified

@@ -1,5 +1,5 @@
-README for libpng version 1.6.37.git
-====================================
+README for libpng version 1.6.37 - April 14, 2019
+=================================================
 
 See the note about version numbers near the top of png.h.
 See INSTALL for instructions on how to install libpng.

scripts/libpng-config-head.in+1 −1 modified

@@ -11,7 +11,7 @@
 
 # Modeled after libxml-config.
 
-version=1.6.37.git
+version=1.6.37
 prefix=""
 libdir=""
 libs=""

scripts/libpng.pc.in+1 −1 modified

@@ -5,6 +5,6 @@ includedir=@includedir@/libpng16
 
 Name: libpng
 Description: Loads and saves PNG files
-Version: 1.6.37.git
+Version: 1.6.37
 Libs: -L${libdir} -lpng16
 Cflags: -I${includedir}

scripts/makefile.netbsd+1 −1 modified

@@ -14,7 +14,7 @@ MANDIR= ${LOCALBASE}/man
 INCSDIR=${LOCALBASE}/include
 
 SHLIB_MAJOR=	16
-SHLIB_MINOR=	1.6.37.git
+SHLIB_MINOR=	1.6.37
 
 LIB=	png
 SRCS=	png.c pngerror.c pngget.c pngmem.c pngpread.c \

scripts/makefile.openbsd+1 −1 modified

@@ -11,7 +11,7 @@ LIBDIR=	${PREFIX}/lib
 MANDIR= ${PREFIX}/man/cat
 
 SHLIB_MAJOR=	16
-SHLIB_MINOR=	1.6.37.git
+SHLIB_MINOR=	1.6.37
 
 LIB=	png
 SRCS=	png.c pngerror.c pngget.c pngmem.c pngpread.c \

scripts/pnglibconf.h.prebuilt+1 −1 modified

@@ -1,6 +1,6 @@
 /* pnglibconf.h - library build configuration */
 
-/* libpng version 1.6.37.git */
+/* libpng version 1.6.37 */
 
 /* Copyright (c) 2018-2019 Cosmin Truta */
 /* Copyright (c) 1998-2002,2004,2006-2018 Glenn Randers-Pehrson */

617021c443f2

Upmerge of the 7.1.35 build

https://github.com/mysql/mysql-serverBalasubramanian KandasamyApr 1, 2015via osv

commit

Vulnerability mechanics

Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

lists.opensuse.org/opensuse-security-announce/2019-06/msg00002.htmlmitrevendor-advisoryx_refsource_SUSE
lists.opensuse.org/opensuse-security-announce/2019-06/msg00029.htmlmitrevendor-advisoryx_refsource_SUSE
lists.opensuse.org/opensuse-security-announce/2019-06/msg00084.htmlmitrevendor-advisoryx_refsource_SUSE
lists.opensuse.org/opensuse-security-announce/2019-08/msg00038.htmlmitrevendor-advisoryx_refsource_SUSE
lists.opensuse.org/opensuse-security-announce/2019-08/msg00044.htmlmitrevendor-advisoryx_refsource_SUSE
access.redhat.com/errata/RHSA-2019:1265mitrevendor-advisoryx_refsource_REDHAT
access.redhat.com/errata/RHSA-2019:1267mitrevendor-advisoryx_refsource_REDHAT
access.redhat.com/errata/RHSA-2019:1269mitrevendor-advisoryx_refsource_REDHAT
access.redhat.com/errata/RHSA-2019:1308mitrevendor-advisoryx_refsource_REDHAT
access.redhat.com/errata/RHSA-2019:1309mitrevendor-advisoryx_refsource_REDHAT
access.redhat.com/errata/RHSA-2019:1310mitrevendor-advisoryx_refsource_REDHAT
access.redhat.com/errata/RHSA-2019:2494mitrevendor-advisoryx_refsource_REDHAT
access.redhat.com/errata/RHSA-2019:2495mitrevendor-advisoryx_refsource_REDHAT
access.redhat.com/errata/RHSA-2019:2585mitrevendor-advisoryx_refsource_REDHAT
access.redhat.com/errata/RHSA-2019:2590mitrevendor-advisoryx_refsource_REDHAT
access.redhat.com/errata/RHSA-2019:2592mitrevendor-advisoryx_refsource_REDHAT
access.redhat.com/errata/RHSA-2019:2737mitrevendor-advisoryx_refsource_REDHAT
security.gentoo.org/glsa/201908-02mitrevendor-advisoryx_refsource_GENTOO
usn.ubuntu.com/3962-1/mitrevendor-advisoryx_refsource_UBUNTU
usn.ubuntu.com/3991-1/mitrevendor-advisoryx_refsource_UBUNTU
usn.ubuntu.com/3997-1/mitrevendor-advisoryx_refsource_UBUNTU
usn.ubuntu.com/4080-1/mitrevendor-advisoryx_refsource_UBUNTU
usn.ubuntu.com/4083-1/mitrevendor-advisoryx_refsource_UBUNTU
www.debian.org/security/2019/dsa-4435mitrevendor-advisoryx_refsource_DEBIAN
www.debian.org/security/2019/dsa-4448mitrevendor-advisoryx_refsource_DEBIAN
www.debian.org/security/2019/dsa-4451mitrevendor-advisoryx_refsource_DEBIAN
packetstormsecurity.com/files/152561/Slackware-Security-Advisory-libpng-Updates.htmlmitrex_refsource_MISC
www.securityfocus.com/bid/108098mitrevdb-entryx_refsource_BID
bugs.chromium.org/p/oss-fuzz/issues/detailmitrex_refsource_MISC
github.com/glennrp/libpng/issues/275mitrex_refsource_MISC
lists.debian.org/debian-lts-announce/2019/05/msg00032.htmlmitremailing-listx_refsource_MLIST
lists.debian.org/debian-lts-announce/2019/05/msg00038.htmlmitremailing-listx_refsource_MLIST
seclists.org/bugtraq/2019/Apr/30mitremailing-listx_refsource_BUGTRAQ
seclists.org/bugtraq/2019/Apr/36mitremailing-listx_refsource_BUGTRAQ
seclists.org/bugtraq/2019/May/56mitremailing-listx_refsource_BUGTRAQ
seclists.org/bugtraq/2019/May/59mitremailing-listx_refsource_BUGTRAQ
seclists.org/bugtraq/2019/May/67mitremailing-listx_refsource_BUGTRAQ
security.netapp.com/advisory/ntap-20190719-0005/mitrex_refsource_CONFIRM
support.hpe.com/hpsc/doc/public/displaymitrex_refsource_CONFIRM
www.oracle.com/security-alerts/cpuApr2021.htmlmitrex_refsource_MISC
www.oracle.com/security-alerts/cpuoct2021.htmlmitrex_refsource_MISC
www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.htmlmitrex_refsource_MISC

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	-0.070
ransomware	0.000