[Git][security-tracker-team/security-tracker][master] Two gst-plugins-bad1.0 issues fixed with 1.28.4-1 update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Jun 16 10:37:06 BST 2026 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
606fe90d by Salvatore Bonaccorso at 2026-06-16T11:36:33+02:00
Two gst-plugins-bad1.0 issues fixed with 1.28.4-1 update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -636,7 +636,7 @@ CVE-2026-53703 (A vulnerability was found in the GStreamer RealMedia demuxer (gs
 	NOTE: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/11831 (1.26 branch)
 	NOTE: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/11832 (1.24 branch)
 CVE-2026-52719 (An out-of-bounds read vulnerability was found in the VA JPEG decoder i ...)
-	- gst-plugins-bad1.0 <unfixed>
+	- gst-plugins-bad1.0 1.28.4-1
 	NOTE: https://gstreamer.freedesktop.org/security/sa-2026-0040.html
 	NOTE: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/11805
 	NOTE: Fixed by: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/35a7895274f5f7b38aaab9ceeec4af48e699e3ee (1.28.4)
@@ -644,7 +644,7 @@ CVE-2026-52719 (An out-of-bounds read vulnerability was found in the VA JPEG dec
 	NOTE: Fixed by: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/c5f9c5bee5f2139157c0ce0a160f0a1173b7ce94 (1.24 branch)
 CVE-2026-52718 (A denial of service vulnerability was found in GStreamer's AV1 codec p ...)
 	- gst-libav1.0 1.28.4-1
-	- gst-plugins-bad1.0 <unfixed>
+	- gst-plugins-bad1.0 1.28.4-1
 	- gst-plugins-good1.0 1.28.4-1
 	- gst-plugins-ugly1.0 1.28.4-1
 	NOTE: https://gstreamer.freedesktop.org/security/sa-2026-0039.html



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/606fe90d021cbea95ae0f11180b9ed1b2c6b48c8

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/606fe90d021cbea95ae0f11180b9ed1b2c6b48c8
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260616/f8d23ca2/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list