[Git][security-tracker-team/security-tracker][master] gst DSAs

[Moritz Muehlenhoff (@jmm)]

Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
bffdad1e by Moritz Mühlenhoff at 2026-04-01T22:13:17+02:00
gst DSAs

- - - - -


3 changed files:

- data/CVE/list
- data/DSA/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -11884,6 +11884,7 @@ CVE-2026-23239 (In the Linux kernel, the following vulnerability has been resolv
 	NOTE: https://git.kernel.org/linus/e1512c1db9e8794d8d130addd2615ec27231d994 (7.0-rc2)
 CVE-2026-3084 (GStreamer H.266 Codec Parser Integer Underflow Remote Code Execution V ...)
 	- gst-plugins-bad1.0 1.28.1-1 (bug #1130059)
+	[trixie] - gst-plugins-bad1.0 1.26.2-3+deb13u1
 	[bookworm] - gst-plugins-bad1.0 <not-affected> (Vulnerable code not present)
 	[bullseye] - gst-plugins-bad1.0 <not-affected> (Vulnerable code not present)
 	NOTE: https://gstreamer.freedesktop.org/security/sa-2026-0011.html
@@ -11892,6 +11893,7 @@ CVE-2026-3084 (GStreamer H.266 Codec Parser Integer Underflow Remote Code Execut
 	NOTE: Fixed by: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/30fd03d95459af230c5bd5c76c31a82255db4135 (1.28.1)
 CVE-2026-3081 (GStreamer H.266 Codec Parser Stack-based Buffer Overflow Remote Code E ...)
 	- gst-plugins-bad1.0 1.28.1-1 (bug #1130059)
+	[trixie] - gst-plugins-bad1.0 1.26.2-3+deb13u1
 	[bookworm] - gst-plugins-bad1.0 <not-affected> (Vulnerable code not present)
 	[bullseye] - gst-plugins-bad1.0 <not-affected> (Vulnerable code not present)
 	NOTE: https://gstreamer.freedesktop.org/security/sa-2026-0010.html
@@ -11899,6 +11901,7 @@ CVE-2026-3081 (GStreamer H.266 Codec Parser Stack-based Buffer Overflow Remote C
 	NOTE: Fixed by: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/c35d1df1c6514db8249dfbf22b952d2691fe347a (1.28.1)
 CVE-2026-3086 (GStreamer H.266 Codec Parser Out-Of-Bounds Write Remote Code Execution ...)
 	- gst-plugins-bad1.0 1.28.1-1 (bug #1130059)
+	[trixie] - gst-plugins-bad1.0 1.26.2-3+deb13u1
 	[bookworm] - gst-plugins-bad1.0 <not-affected> (Vulnerable code not present)
 	[bullseye] - gst-plugins-bad1.0 <not-affected> (Vulnerable code not present)
 	NOTE: https://gstreamer.freedesktop.org/security/sa-2026-0009.html


=====================================
data/DSA/list
=====================================
@@ -1,3 +1,11 @@
+[01 Apr 2026] DSA-6191-1 gst-plugins-ugly1.0 - security update
+	{CVE-2026-2920 CVE-2026-2922}
+	[bookworm] - gst-plugins-ugly1.0 1.22.0-2+deb12u2
+	[trixie] - gst-plugins-ugly1.0 1.26.3-4+deb13u1
+[01 Apr 2026] DSA-6190-1 gst-plugins-bad1.0 - security update
+	{CVE-2026-2923 CVE-2026-3082}
+	[bookworm] - gst-plugins-bad1.0 1.22.0-4+deb12u7
+	[trixie] - gst-plugins-bad1.0 1.26.2-3+deb13u1
 [31 Mar 2026] DSA-6189-1 libpng1.6 - security update
 	{CVE-2026-33416 CVE-2026-33636}
 	[bookworm] - libpng1.6 1.6.39-2+deb12u4


=====================================
data/dsa-needed.txt
=====================================
@@ -32,10 +32,6 @@ gh/oldstable
 --
 git-lfs
 --
-gst-plugins-bad1.0 (jmm)
---
-gst-plugins-ugly1.0 (jmm)
---
 imagemagick/oldstable
 --
 inetutils



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bffdad1ead967b4c11e08dc4bab62f94bf0c6684

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bffdad1ead967b4c11e08dc4bab62f94bf0c6684
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260401/cb5b44b2/attachment-0001.htm>