[Git][security-tracker-team/security-tracker][master] Correct tracking for CVE-2026-5271{7,8}

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Jun 16 19:41:10 BST 2026 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
99be6691 by Salvatore Bonaccorso at 2026-06-16T20:37:44+02:00
Correct tracking for CVE-2026-5271{7,8}

While the merge requests for older branches cover more changes the CVEs
are really only for the change in gst-libav1.0 (for CVE-2026-52717) and
in gst-plugins-bad1.0 for (CVE-2026-52718).

Thus correct this tracking.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -655,10 +655,7 @@ CVE-2026-52719 (An out-of-bounds read vulnerability was found in the VA JPEG dec
 	NOTE: Fixed by: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/987278d3b2c01c5bf387181a120bec5856aba82c (1.26 branch)
 	NOTE: Fixed by: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/c5f9c5bee5f2139157c0ce0a160f0a1173b7ce94 (1.24 branch)
 CVE-2026-52718 (A denial of service vulnerability was found in GStreamer's AV1 codec p ...)
-	- gst-libav1.0 1.28.4-1
 	- gst-plugins-bad1.0 1.28.4-1
-	- gst-plugins-good1.0 1.28.4-1
-	- gst-plugins-ugly1.0 1.28.4-1
 	NOTE: https://gstreamer.freedesktop.org/security/sa-2026-0039.html
 	NOTE: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/11803
 	NOTE: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/11827 (1.28.4)
@@ -666,7 +663,6 @@ CVE-2026-52718 (A denial of service vulnerability was found in GStreamer's AV1 c
 	NOTE: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/11830 (1.24 branch)
 CVE-2026-52717
 	- gst-libav1.0 1.28.4-1
-	- gst-plugins-good1.0 1.28.4-1
 	NOTE: https://gstreamer.freedesktop.org/security/sa-2026-0037.html
 	NOTE: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/11801
 	NOTE: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/11820 (1.28.4)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/99be6691599c839917f82650863e0c4f39b0ac1f

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/99be6691599c839917f82650863e0c4f39b0ac1f
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260616/6a68c2a1/attachment.htm>

More information about the debian-security-tracker-commits mailing list