Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
f147c006 by Moritz Mühlenhoff at 2026-06-21T19:21:58+02:00
gst-plugins-good1.0 DSA
- - - - -
3 changed files:
- data/CVE/list
- data/DSA/list
- data/dsa-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -3849,6 +3849,7 @@ CVE-2026-52717
NOTE:
https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/11819 (1.24
branch)
CVE-2026-53705 (A flaw was found in GStreamer's WavPack audio decoder in
gst-plugins-g ...)
- gst-plugins-good1.0 1.28.4-1
+ [trixie] - gst-plugins-good1.0 <no-dsa> (Minor issue)
NOTE: https://gstreamer.freedesktop.org/security/sa-2026-0035.html
NOTE:
https://gitlab.freedesktop.org/gstreamer/gstreamer/-/work_items/5069
NOTE:
https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/11797
@@ -63547,14 +63548,12 @@ CVE-2026-3086 (GStreamer H.266 Codec Parser
Out-Of-Bounds Write Remote Code Exec
NOTE: Fixed by:
https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/a2edc745bfea8835186a264c5e666be93f65a38e
(1.28.1)
CVE-2026-3083 (GStreamer rtpqdm2depay Out-Of-Bounds Write Remote Code
Execution Vulne ...)
- gst-plugins-good1.0 1.28.1-1
- [trixie] - gst-plugins-good1.0 <no-dsa> (Minor issue)
[bookworm] - gst-plugins-good1.0 <no-dsa> (Minor issue)
[bullseye] - gst-plugins-good1.0 <postponed> (Minor issue, obsolete
codec, dropped upstream as a fix)
NOTE: https://gstreamer.freedesktop.org/security/sa-2026-0008.html
NOTE: Fixed by:
https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/8349cdd35f85246e113b18e55fd11abf9cb248bf
(main)
CVE-2026-3085 (GStreamer rtpqdm2depay Heap-based Buffer Overflow Remote Code
Executio ...)
- gst-plugins-good1.0 1.28.1-1
- [trixie] - gst-plugins-good1.0 <no-dsa> (Minor issue)
[bookworm] - gst-plugins-good1.0 <no-dsa> (Minor issue)
[bullseye] - gst-plugins-good1.0 <postponed> (Minor issue, obsolete
codec, dropped upstream as a fix)
NOTE: https://gstreamer.freedesktop.org/security/sa-2026-0008.html
@@ -63602,7 +63601,6 @@ CVE-2026-2921 (GStreamer RIFF Palette Integer Overflow
Remote Code Execution Vul
NOTE: Fixed by:
https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/66d1f79c78b573db714434cf08e7531bed4f4473
(main)
CVE-2026-1940 (An incomplete fix for CVE-2024-47778 allows an out-of-bounds
read in g ...)
- gst-plugins-good1.0 1.28.1-1
- [trixie] - gst-plugins-good1.0 <no-dsa> (Minor issue)
[bookworm] - gst-plugins-good1.0 <no-dsa> (Minor issue)
[bullseye] - gst-plugins-good1.0 <postponed> (Minor issue, OOB read)
NOTE: https://gstreamer.freedesktop.org/security/sa-2026-0001.html
=====================================
data/DSA/list
=====================================
@@ -1,3 +1,6 @@
+[21 Jun 2026] DSA-6359-1 gst-plugins-good1.0 - security update
+ {CVE-2026-1940 CVE-2026-3083 CVE-2026-3085 CVE-2026-39043
CVE-2026-39044}
+ [trixie] - gst-plugins-good1.0 1.26.2-1+deb13u2
[21 Jun 2026] DSA-6358-1 libhttp-daemon-perl - security update
{CVE-2026-8450}
[trixie] - libhttp-daemon-perl 6.16-1+deb13u1
=====================================
data/dsa-needed.txt
=====================================
@@ -38,8 +38,6 @@ firebird4.0
--
gst-plugins-bad1.0
--
-gst-plugins-good1.0 (jmm)
---
jetty9
--
jetty12
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f147c006c15f6b76979b864309b37a646b3c1b2c
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f147c006c15f6b76979b864309b37a646b3c1b2c
You're receiving this email because of your account on salsa.debian.org. Manage
all notifications: https://salsa.debian.org/-/profile/notifications | Help:
https://salsa.debian.org/help
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
