From: Matthieu Herrb <matthieu@openbsd.org>
Subject: [update] png 1.6.52
To: ports@openbsd.org
Date: Thu, 4 Dec 2025 08:26:09 +0100

CVE-2025-66293 (CVSS 7.1, High): Out-of-bounds read in
png_image_read_composite when processing palette PNG images with
partial transparency and gamma correction.

ok ? (and also for -stable)

Index: Makefile
===================================================================
RCS file: /local/cvs/ports/graphics/png/Makefile,v
diff -u -p -u -r1.144 Makefile
--- Makefile	24 Nov 2025 21:23:35 -0000	1.144
+++ Makefile	4 Dec 2025 07:24:03 -0000
@@ -4,7 +4,7 @@
 
 COMMENT=	library for manipulating PNG images
 
-VERSION=	1.6.51
+VERSION=	1.6.52
 DISTNAME=	libpng-${VERSION}
 PKGNAME=	png-${VERSION}
 CATEGORIES=	graphics
Index: distinfo
===================================================================
RCS file: /local/cvs/ports/graphics/png/distinfo,v
diff -u -p -u -r1.73 distinfo
--- distinfo	24 Nov 2025 21:23:35 -0000	1.73
+++ distinfo	4 Dec 2025 07:24:03 -0000
@@ -1,2 +1,2 @@
-SHA256 (libpng-1.6.51.tar.xz) = oFCoktO0p7sBDDqVxzAeSWVtcqZPH8cJqQuK3tGSvtI=
-SIZE (libpng-1.6.51.tar.xz) = 1060772
+SHA256 (libpng-1.6.52.tar.xz) = Nr1yYijsk6O2wi/bSelKZ7FvL+mzm3i3y2V3KWZmHMw=
+SIZE (libpng-1.6.52.tar.xz) = 1063580

-- 
Matthieu Herrb