diff --git a/ANNOUNCE b/ANNOUNCE
index 3b22e33d6..36539f2af 100644
--- a/ANNOUNCE
+++ b/ANNOUNCE
@@ -1,4 +1,4 @@
-Libpng 1.6.20beta01 - November 13, 2015
+Libpng 1.6.20beta01 - November 17, 2015
 
 This is not intended to be a public release.  It will be replaced
 within a few weeks by a public version or by another test version.
@@ -26,7 +26,7 @@ Other information:
 Changes since the last public release (1.6.19):
 
 Version 1.6.20beta01 [(PENDING RELEASE)]
-  Avoid potential pointer overflow in png_handle_sPLT() and
+  Avoid potential pointer overflow/underflow in png_handle_sPLT() and
     png_handle_pCAL() (Bug report by John Regehr).
 
 Send comments/corrections/commendations to png-mng-implement at lists.sf.net
diff --git a/CHANGES b/CHANGES
index 13058a91b..4bf131097 100644
--- a/CHANGES
+++ b/CHANGES
@@ -5415,7 +5415,7 @@ Version 1.6.19 [November 12, 2015]
   Cleaned up coding style in png_handle_PLTE().
 
 Version 1.6.20beta01 [(PENDING RELEASE)]
-  Avoid potential pointer overflow in png_handle_sPLT() and
+  Avoid potential pointer overflow/underflow in png_handle_sPLT() and
     png_handle_pCAL() (Bug report by John Regehr).
 
 Send comments/corrections/commendations to png-mng-implement at lists.sf.net
diff --git a/pngrutil.c b/pngrutil.c
index dac00caa0..c30eeafea 100644
--- a/pngrutil.c
+++ b/pngrutil.c
@@ -2174,7 +2174,7 @@ png_handle_pCAL(png_structrp png_ptr, png_inforp info_ptr, png_uint_32 length)
    /* We need to have at least 12 bytes after the purpose string
     * in order to get the parameter information.
     */
-   if (length < 12 || endptr - buf <= 12)
+   if (endptr - buf <= 12)
    {
       png_chunk_benign_error(png_ptr, "invalid");
       return;