[3.9] libpng: use-after-free in png_image_free in png.c (CVE-2019-7317)
A vulnerability was found in libpng 1.6.36. The function
png_image_free in png.c has
a use-after-free because png_image_free_function is called under png_safe_execute.
This flaw is in the PNG Simplified API, which was introduced
upstream in libpng-1.6.0. Previous versions of libpng are not affected.
(from redmine: issue id 10362, created on 2019-04-29, closed on 2019-05-06)
main/libpng: upgrade to 1.6.37 - Add secfixes CVE-2019-7317 CVE-2018-14048 CVE-2018-14550 - Remove pkg-config detected depends_dev - Split $pkgname-static fixes #10362