id,summary,reporter,owner,description,type,status,priority,milestone,component,resolution,keywords,cc,phab_field
3977,update libpng 1.6.19 to 1.6.21 due to security,Raymond,,"see:

http://www.libpng.org/pub/png/libpng.html :

""Virtually all libpng versions through 1.6.19, 1.5.24, 1.4.17, 1.2.54, and 1.0.64, respectively, have a potential pointer overflow/underflow in png_handle_sPLT()/png_handle_pCAL() (and in png_handle_iTXt()/png_handle_zTXt() in the pre-1.6 branches), and all such versions likewise have a bug in their png_set_PLTE() implementations that left it open to the out-of-bounds write (CVE-2015-8126) that was supposed to have been fixed in the previous release. The bugs are fixed in versions 1.6.20, 1.5.25, 1.4.18, 1.2.55, and 1.0.65, released on 3 December 2015.""",defect,closed,Must Have,Alpha 23,Core engine,fixed,,,