id	summary	reporter	owner	description	type	status	priority	milestone	component	resolution	keywords	cc	phab_field
3977	update libpng 1.6.19 to 1.6.21 due to security	Raymond		"see:

http://www.libpng.org/pub/png/libpng.html :

""Virtually all libpng versions through 1.6.19, 1.5.24, 1.4.17, 1.2.54, and 1.0.64, respectively, have a potential pointer overflow/underflow in png_handle_sPLT()/png_handle_pCAL() (and in png_handle_iTXt()/png_handle_zTXt() in the pre-1.6 branches), and all such versions likewise have a bug in their png_set_PLTE() implementations that left it open to the out-of-bounds write (CVE-2015-8126) that was supposed to have been fixed in the previous release. The bugs are fixed in versions 1.6.20, 1.5.25, 1.4.18, 1.2.55, and 1.0.65, released on 3 December 2015."""	defect	closed	Must Have	Alpha 23	Core engine	fixed