libpng: security bump to version 1.6.19

Fixes:
png_set_PLTE/png_get_PLTE functions failed to check for
an out-of-range palette when reading or writing PNG files with a bit_depth
less than 8.

CVE not yet assigned.

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

diff --git a/package/libpng/libpng.hash b/package/libpng/libpng.hash
index 92ac24faa04be0142f95f8377bb6708617e50e06..a26538dd563e4096aca4cff7d3fa85656875caee 100644 (file)
--- a/package/libpng/libpng.hash
+++ b/package/libpng/libpng.hash
@@ -1,3 +1,3 @@
-# From http://sourceforge.net/projects/libpng/files/libpng16/1.6.18/
-md5    6a57c8e0f5469b9c9949a4b43d57b3a1        libpng-1.6.18.tar.xz
-sha1   c6e06510d30beba08c96c468ab269fafb2bb256f        libpng-1.6.18.tar.xz
+# From http://sourceforge.net/projects/libpng/files/libpng16/1.6.19/
+md5    1e6a458429e850fc93c1f3b6dc00a48f        libpng-1.6.19.tar.xz
+sha1   483d72ced11c9258f9d1119105273d9af9ff151c        libpng-1.6.19.tar.xz

diff --git a/package/libpng/libpng.mk b/package/libpng/libpng.mk
index 5500a611927ec112fb169b18e63b8c297fbfc0b2..649a3e0c495ce64dd14e2634c70363e2b12cf57d 100644 (file)
--- a/package/libpng/libpng.mk
+++ b/package/libpng/libpng.mk
@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-LIBPNG_VERSION = 1.6.18
+LIBPNG_VERSION = 1.6.19
 LIBPNG_SERIES = 16
 LIBPNG_SOURCE = libpng-$(LIBPNG_VERSION).tar.xz
 LIBPNG_SITE = http://downloads.sourceforge.net/project/libpng/libpng${LIBPNG_SERIES}/$(LIBPNG_VERSION)