ChangeLog for: 2025-11-23 22:51:41

a/lvm2-2.03.37-x86_64-1.txz:  Upgraded.
d/parallel-20251122-noarch-1.txz:  Upgraded.
l/at-spi2-core-2.58.2-x86_64-1.txz:  Upgraded.
l/libpng-1.6.51-x86_64-1.txz:  Upgraded.
  This update fixes security issues:
  Fixed CVE-2025-64505 (moderate severity):
  Heap buffer overflow in `png_do_quantize` via malformed palette index.
  (Reported by Samsung; analyzed by Fabio Gritti.)
  Fixed CVE-2025-64506 (moderate severity):
  Heap buffer over-read in `png_write_image_8bit` with 8-bit input and
  `convert_to_8bit` enabled.
  (Reported by Samsung and ;
  analyzed by Fabio Gritti.)
  Fixed CVE-2025-64720 (high severity):
  Buffer overflow in `png_image_read_composite` via incorrect palette
  premultiplication.
  (Reported by Samsung; analyzed by John Bowler.)
  Fixed CVE-2025-65018 (high severity):
  Heap buffer overflow in `png_combine_row` triggered via
  `png_image_finish_read`.
  (Reported by .)
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2025-64505
    https://www.cve.org/CVERecord?id=CVE-2025-64506
    https://www.cve.org/CVERecord?id=CVE-2025-64720
    https://www.cve.org/CVERecord?id=CVE-2025-65018
  (* Security fix *)
l/vte-0.82.2-x86_64-1.txz:  Upgraded.
n/nghttp3-1.13.0-x86_64-1.txz:  Upgraded.