CLSA-2026-1777976295 Fix CVE(s): CVE-2026-28690

SECURITY UPDATE: stack buffer overflow in MNG/JNG encoder — missing NULL check after ImageToBlob in WriteOneJNGImage could propagate a NULL blob pointer into later stack buffer operations GHSA-7h7q-j33q-hvpf. - debian/patches/CVE-2026-28690.patch: bail out of WriteOneJNGImage when ImageToBlob...