[Git][security-tracker-team/security-tracker][master] Reserve DLA-4419-1 for gst-plugins-good1.0

Thu Dec 25 17:34:29 GMT 2025


Utkarsh Gupta pushed to branch master at Debian Security Tracker / security-tracker


Commits:
cd6e1c12 by Utkarsh Gupta at 2025-12-25T23:04:13+05:30
Reserve DLA-4419-1 for gst-plugins-good1.0

- - - - -


3 changed files:

- data/CVE/list
- data/DLA/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -50563,7 +50563,6 @@ CVE-2025-47806 (In GStreamer through 1.26.1, the subparse plugin's parse_subrip_
 CVE-2025-47219 (In GStreamer through 1.26.1, the isomp4 plugin's qtdemux_parse_trak fu ...)
 	- gst-plugins-good1.0 1.26.2-1
 	[bookworm] - gst-plugins-good1.0 1.22.0-5+deb12u3
-	[bullseye] - gst-plugins-good1.0 <postponed> (Minor issue; can be fixed in next update)
 	NOTE: https://github.com/atredispartners/advisories/blob/master/2025/ATREDIS-2025-0003.md
 	NOTE: https://gstreamer.freedesktop.org/security/sa-2025-0004.html
 	NOTE: For 1.26.y major refactoring fixing the issue:
@@ -50576,7 +50575,6 @@ CVE-2025-47188 (A vulnerability in the Mitel 6800 Series, 6900 Series, and 6900w
 CVE-2025-47183 (In GStreamer through 1.26.1, the isomp4 plugin's qtdemux_parse_tree fu ...)
 	- gst-plugins-good1.0 1.26.2-1
 	[bookworm] - gst-plugins-good1.0 <no-dsa> (Minor issue)
-	[bullseye] - gst-plugins-good1.0 <postponed> (Minor issue; can be fixed in next update)
 	NOTE: https://github.com/atredispartners/advisories/blob/master/2025/ATREDIS-2025-0003.md
 	NOTE: https://gstreamer.freedesktop.org/security/sa-2025-0005.html
 	NOTE: Fixed by: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/48bf6a92d75051be7e5ffb66fcd1a49de74fe865 (1.27.1)


=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[25 Dec 2025] DLA-4419-1 gst-plugins-good1.0 - security update
+	{CVE-2025-47183 CVE-2025-47219}
+	[bullseye] - gst-plugins-good1.0 1.18.4-2+deb11u4
 [22 Dec 2025] DLA-4418-1 python-mechanize - security update
 	{CVE-2021-32837}
 	[bullseye] - python-mechanize 1:0.4.5-2+deb11u1


=====================================
data/dla-needed.txt
=====================================
@@ -149,12 +149,6 @@ grub2
   NOTE: 20251129: Maintainer (jak) replied: work underway, proposed to skip next point release (2026-01, too soon)
   NOTE: 20251129: also uncertainty on whether a shim/SBAT (revocation) update is feasible/needed.
 --
-gst-plugins-good1.0 (utkarsh)
-  NOTE: 20251108: Added by Front-Desk (Beuc)
-  NOTE: 20251108: Low-priority, for new team members
-  NOTE: 20251108: Follow fixes from bookworm 12.12 (1 CVE) (Beuc/front-desk)
-  NOTE: 20251113: Will upload CVE-2025-47183 to bookworm first
---
 guix
   NOTE: 20250707: Added by Front-Desk (apo)
   NOTE: 20251011: Proposed for EOL: https://salsa.debian.org/lts-team/lts-updates-tasks/-/issues/262



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cd6e1c127ee7497b63db8f377fe992f320acbaf8

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cd6e1c127ee7497b63db8f377fe992f320acbaf8
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20251225/7723930f/attachment-0001.htm>
