Utkarsh Gupta pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
cd6e1c12 by Utkarsh Gupta at 2025-12-25T23:04:13+05:30
Reserve DLA-4419-1 for gst-plugins-good1.0
- - - - -
3 changed files:
- data/CVE/list
- data/DLA/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -50563,7 +50563,6 @@ CVE-2025-47806 (In GStreamer through 1.26.1, the
subparse plugin's parse_subrip_
CVE-2025-47219 (In GStreamer through 1.26.1, the isomp4 plugin's
qtdemux_parse_trak fu ...)
- gst-plugins-good1.0 1.26.2-1
[bookworm] - gst-plugins-good1.0 1.22.0-5+deb12u3
- [bullseye] - gst-plugins-good1.0 <postponed> (Minor issue; can be fixed
in next update)
NOTE:
https://github.com/atredispartners/advisories/blob/master/2025/ATREDIS-2025-0003.md
NOTE: https://gstreamer.freedesktop.org/security/sa-2025-0004.html
NOTE: For 1.26.y major refactoring fixing the issue:
@@ -50576,7 +50575,6 @@ CVE-2025-47188 (A vulnerability in the Mitel 6800
Series, 6900 Series, and 6900w
CVE-2025-47183 (In GStreamer through 1.26.1, the isomp4 plugin's
qtdemux_parse_tree fu ...)
- gst-plugins-good1.0 1.26.2-1
[bookworm] - gst-plugins-good1.0 <no-dsa> (Minor issue)
- [bullseye] - gst-plugins-good1.0 <postponed> (Minor issue; can be fixed
in next update)
NOTE:
https://github.com/atredispartners/advisories/blob/master/2025/ATREDIS-2025-0003.md
NOTE: https://gstreamer.freedesktop.org/security/sa-2025-0005.html
NOTE: Fixed by:
https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/48bf6a92d75051be7e5ffb66fcd1a49de74fe865
(1.27.1)
=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[25 Dec 2025] DLA-4419-1 gst-plugins-good1.0 - security update
+ {CVE-2025-47183 CVE-2025-47219}
+ [bullseye] - gst-plugins-good1.0 1.18.4-2+deb11u4
[22 Dec 2025] DLA-4418-1 python-mechanize - security update
{CVE-2021-32837}
[bullseye] - python-mechanize 1:0.4.5-2+deb11u1
=====================================
data/dla-needed.txt
=====================================
@@ -149,12 +149,6 @@ grub2
NOTE: 20251129: Maintainer (jak) replied: work underway, proposed to skip
next point release (2026-01, too soon)
NOTE: 20251129: also uncertainty on whether a shim/SBAT (revocation) update
is feasible/needed.
--
-gst-plugins-good1.0 (utkarsh)
- NOTE: 20251108: Added by Front-Desk (Beuc)
- NOTE: 20251108: Low-priority, for new team members
- NOTE: 20251108: Follow fixes from bookworm 12.12 (1 CVE) (Beuc/front-desk)
- NOTE: 20251113: Will upload CVE-2025-47183 to bookworm first
---
guix
NOTE: 20250707: Added by Front-Desk (apo)
NOTE: 20251011: Proposed for EOL:
https://salsa.debian.org/lts-team/lts-updates-tasks/-/issues/262
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cd6e1c127ee7497b63db8f377fe992f320acbaf8
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cd6e1c127ee7497b63db8f377fe992f320acbaf8
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
