mirror of
https://github.com/flutter/flutter.git
synced 2026-02-20 02:29:02 +08:00
This pull request is created by [automatic cherry pick workflow](https://github.com/flutter/flutter/blob/main/docs/releases/Flutter-Cherrypick-Process.md#automatically-creates-a-cherry-pick-request).
Please fill in the form below, and a flutter domain expert will evaluate this cherry pick request.

### Issue Link:
What is the link to the issue this cherry-pick is addressing?

https://github.com/flutter/flutter/issues/180191

### Impact Description:
What is the impact (ex. visual jank on Samsung phones, app crash, cannot ship an iOS app)? Does it impact development (ex. flutter doctor crashes when Android Studio is installed), or the shipping of production apps (the app crashes on launch).
This information is for domain experts and release engineers to understand the consequences of saying yes or no to the cherry pick.

Updates a library that had multiple CVE's to a version that has those issues patched.

https://ubuntu.com/security/CVE-2025-64505
https://ubuntu.com/security/CVE-2025-64506
https://ubuntu.com/security/CVE-2025-64720
https://ubuntu.com/security/CVE-2025-65018

FWIW I have not seen a working exploit against a flutter app.

### Changelog Description:
Explain this cherry pick:
* In one line that is accessible to most Flutter developers.
* That describes the state prior to the fix.
* That includes which platforms are impacted.

See [best practices](https://github.com/flutter/flutter/blob/main/docs/releases/Hotfix-Documentation-Best-Practices.md) for examples.

< Replace with changelog description here >
[flutter/180191] Update libpng to 1.6.53 to mitigate multiple CVE's published November/December 2025.

### Workaround:
Is there a workaround for this issue?

No work around.

### Risk:
What is the risk level of this cherry-pick?

### Test Coverage:
Are you confident that your fix is well-tested by automated tests?

- [ x ] Yes

### Validation Steps:
What are the steps to validate that this fix works?

Run the standard test suite on CI including golden image tests.