ALT-BU-2025-15391-1
Branch sisyphus_riscv64 update bulletin.
Package freerdp3 updated to version 3.17.2-alt2 for branch sisyphus_riscv64.
Closed bugs
broken pc-files
Package pgbouncer updated to version 1.25.1-alt1 for branch sisyphus_riscv64.
Closed vulnerabilities
Modified: 2025-12-27
CVE-2025-12819
Untrusted search path in auth_query connection handler in PgBouncer before 1.25.1 allows an unauthenticated attacker to execute arbitrary SQL during authentication via a malicious search_path parameter in the StartupMessage.
Package checksumgen updated to version 0.4.2-alt1.1 for branch sisyphus_riscv64.
Closed vulnerabilities
No data currently available.
Package libpng16 updated to version 1.6.52-alt1 for branch sisyphus_riscv64.
Closed vulnerabilities
Modified: 2025-12-16
CVE-2025-66293
LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Prior to 1.6.52, an out-of-bounds read vulnerability in libpng's simplified API allows reading up to 1012 bytes beyond the png_sRGB_base[512] array when processing valid palette PNG images with partial transparency and gamma correction. The PNG files that trigger this vulnerability are valid per the PNG specification; the bug is in libpng's internal state management. Upgrade to libpng 1.6.52 or later.
- https://github.com/pnggroup/libpng/commit/788a624d7387a758ffd5c7ab010f1870dea753a1
- https://github.com/pnggroup/libpng/commit/a05a48b756de63e3234ea6b3b938b8f5f862484a
- https://github.com/pnggroup/libpng/issues/764
- https://github.com/pnggroup/libpng/security/advisories/GHSA-9mpm-9pxh-mg4f
- http://www.openwall.com/lists/oss-security/2025/12/03/6
- http://www.openwall.com/lists/oss-security/2025/12/03/7
- http://www.openwall.com/lists/oss-security/2025/12/03/8
- https://github.com/pnggroup/libpng/issues/764