Subject: CVS commit: [pkgsrc-2019Q1] pkgsrc/graphics/png
From: S.P.Zeidler
Date: 2019-05-12 22:19:20
Message id: 20190512201920.144C0FB16@cvs.NetBSD.org
Log Message:
Pullup ticket #5955 - requested by taca
graphics/png: security update

Revisions pulled up:
- graphics/png/Makefile                                         1.198
- graphics/png/distinfo                                         1.142

-------------------------------------------------------------------
   Module Name:	pkgsrc
   Committed By:	wiz
   Date:		Wed Apr 17 07:05:21 UTC 2019

   Modified Files:
   	pkgsrc/graphics/png: Makefile distinfo

   Log Message:
   png: update to 1.6.37.

   This is largely a bugfix-only release. Most importantly, it contains
   a fix for a use-after-free vulnerability (CVE-2019-7317) affecting
   the simplified libpng API, and a fix for a memory leak affecting the
   ARM NEON implementation of the palette-to-RGB(A) expansion.

   To generate a diff of this commit:
   cvs rdiff -u -r1.197 -r1.198 pkgsrc/graphics/png/Makefile
   cvs rdiff -u -r1.141 -r1.142 pkgsrc/graphics/png/distinfo
Files:
RevisionActionfile
1.197.4.1modifypkgsrc/graphics/png/Makefile
1.141.4.1modifypkgsrc/graphics/png/distinfo