[Git][security-tracker-team/security-tracker][master] gst DSAs

Moritz Muehlenhoff (@jmm) Wed, 01 Apr 2026 16:50:09 -0700


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
bffdad1e by Moritz Mühlenhoff at 2026-04-01T22:13:17+02:00
gst DSAs

- - - - -


3 changed files:

- data/CVE/list
- data/DSA/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -11884,6 +11884,7 @@ CVE-2026-23239 (In the Linux kernel, the following 
vulnerability has been resolv
        NOTE: 
https://git.kernel.org/linus/e1512c1db9e8794d8d130addd2615ec27231d994 (7.0-rc2)
 CVE-2026-3084 (GStreamer H.266 Codec Parser Integer Underflow Remote Code 
Execution V ...)
        - gst-plugins-bad1.0 1.28.1-1 (bug #1130059)
+       [trixie] - gst-plugins-bad1.0 1.26.2-3+deb13u1
        [bookworm] - gst-plugins-bad1.0 <not-affected> (Vulnerable code not 
present)
        [bullseye] - gst-plugins-bad1.0 <not-affected> (Vulnerable code not 
present)
        NOTE: https://gstreamer.freedesktop.org/security/sa-2026-0011.html
@@ -11892,6 +11893,7 @@ CVE-2026-3084 (GStreamer H.266 Codec Parser Integer 
Underflow Remote Code Execut
        NOTE: Fixed by: 
https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/30fd03d95459af230c5bd5c76c31a82255db4135
 (1.28.1)
 CVE-2026-3081 (GStreamer H.266 Codec Parser Stack-based Buffer Overflow Remote 
Code E ...)
        - gst-plugins-bad1.0 1.28.1-1 (bug #1130059)
+       [trixie] - gst-plugins-bad1.0 1.26.2-3+deb13u1
        [bookworm] - gst-plugins-bad1.0 <not-affected> (Vulnerable code not 
present)
        [bullseye] - gst-plugins-bad1.0 <not-affected> (Vulnerable code not 
present)
        NOTE: https://gstreamer.freedesktop.org/security/sa-2026-0010.html
@@ -11899,6 +11901,7 @@ CVE-2026-3081 (GStreamer H.266 Codec Parser Stack-based 
Buffer Overflow Remote C
        NOTE: Fixed by: 
https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/c35d1df1c6514db8249dfbf22b952d2691fe347a
 (1.28.1)
 CVE-2026-3086 (GStreamer H.266 Codec Parser Out-Of-Bounds Write Remote Code 
Execution ...)
        - gst-plugins-bad1.0 1.28.1-1 (bug #1130059)
+       [trixie] - gst-plugins-bad1.0 1.26.2-3+deb13u1
        [bookworm] - gst-plugins-bad1.0 <not-affected> (Vulnerable code not 
present)
        [bullseye] - gst-plugins-bad1.0 <not-affected> (Vulnerable code not 
present)
        NOTE: https://gstreamer.freedesktop.org/security/sa-2026-0009.html


=====================================
data/DSA/list
=====================================
@@ -1,3 +1,11 @@
+[01 Apr 2026] DSA-6191-1 gst-plugins-ugly1.0 - security update
+       {CVE-2026-2920 CVE-2026-2922}
+       [bookworm] - gst-plugins-ugly1.0 1.22.0-2+deb12u2
+       [trixie] - gst-plugins-ugly1.0 1.26.3-4+deb13u1
+[01 Apr 2026] DSA-6190-1 gst-plugins-bad1.0 - security update
+       {CVE-2026-2923 CVE-2026-3082}
+       [bookworm] - gst-plugins-bad1.0 1.22.0-4+deb12u7
+       [trixie] - gst-plugins-bad1.0 1.26.2-3+deb13u1
 [31 Mar 2026] DSA-6189-1 libpng1.6 - security update
        {CVE-2026-33416 CVE-2026-33636}
        [bookworm] - libpng1.6 1.6.39-2+deb12u4


=====================================
data/dsa-needed.txt
=====================================
@@ -32,10 +32,6 @@ gh/oldstable
 --
 git-lfs
 --
-gst-plugins-bad1.0 (jmm)
---
-gst-plugins-ugly1.0 (jmm)
---
 imagemagick/oldstable
 --
 inetutils



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bffdad1ead967b4c11e08dc4bab62f94bf0c6684

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bffdad1ead967b4c11e08dc4bab62f94bf0c6684
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] gst DSAs

Reply via email to