[Git][security-tracker-team/security-tracker][master] gst-plugins-good1.0 DSA

Moritz Muehlenhoff (@jmm) jmm at debian.org
Sun Jun 21 18:22:21 BST 2026



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f147c006 by Moritz Mühlenhoff at 2026-06-21T19:21:58+02:00
gst-plugins-good1.0 DSA

- - - - -


3 changed files:

- data/CVE/list
- data/DSA/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -3849,6 +3849,7 @@ CVE-2026-52717
 	NOTE: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/11819 (1.24 branch)
 CVE-2026-53705 (A flaw was found in GStreamer's WavPack audio decoder in gst-plugins-g ...)
 	- gst-plugins-good1.0 1.28.4-1
+	[trixie] - gst-plugins-good1.0 <no-dsa> (Minor issue)
 	NOTE: https://gstreamer.freedesktop.org/security/sa-2026-0035.html
 	NOTE: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/work_items/5069
 	NOTE: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/11797
@@ -63547,14 +63548,12 @@ CVE-2026-3086 (GStreamer H.266 Codec Parser Out-Of-Bounds Write Remote Code Exec
 	NOTE: Fixed by: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/a2edc745bfea8835186a264c5e666be93f65a38e (1.28.1)
 CVE-2026-3083 (GStreamer rtpqdm2depay Out-Of-Bounds Write Remote Code Execution Vulne ...)
 	- gst-plugins-good1.0 1.28.1-1
-	[trixie] - gst-plugins-good1.0 <no-dsa> (Minor issue)
 	[bookworm] - gst-plugins-good1.0 <no-dsa> (Minor issue)
 	[bullseye] - gst-plugins-good1.0 <postponed> (Minor issue, obsolete codec, dropped upstream as a fix)
 	NOTE: https://gstreamer.freedesktop.org/security/sa-2026-0008.html
 	NOTE: Fixed by: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/8349cdd35f85246e113b18e55fd11abf9cb248bf (main)
 CVE-2026-3085 (GStreamer rtpqdm2depay Heap-based Buffer Overflow Remote Code Executio ...)
 	- gst-plugins-good1.0 1.28.1-1
-	[trixie] - gst-plugins-good1.0 <no-dsa> (Minor issue)
 	[bookworm] - gst-plugins-good1.0 <no-dsa> (Minor issue)
 	[bullseye] - gst-plugins-good1.0 <postponed> (Minor issue, obsolete codec, dropped upstream as a fix)
 	NOTE: https://gstreamer.freedesktop.org/security/sa-2026-0008.html
@@ -63602,7 +63601,6 @@ CVE-2026-2921 (GStreamer RIFF Palette Integer Overflow Remote Code Execution Vul
 	NOTE: Fixed by: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/66d1f79c78b573db714434cf08e7531bed4f4473 (main)
 CVE-2026-1940 (An incomplete fix for CVE-2024-47778 allows an out-of-bounds read in g ...)
 	- gst-plugins-good1.0 1.28.1-1
-	[trixie] - gst-plugins-good1.0 <no-dsa> (Minor issue)
 	[bookworm] - gst-plugins-good1.0 <no-dsa> (Minor issue)
 	[bullseye] - gst-plugins-good1.0 <postponed> (Minor issue, OOB read)
 	NOTE: https://gstreamer.freedesktop.org/security/sa-2026-0001.html


=====================================
data/DSA/list
=====================================
@@ -1,3 +1,6 @@
+[21 Jun 2026] DSA-6359-1 gst-plugins-good1.0 - security update
+	{CVE-2026-1940 CVE-2026-3083 CVE-2026-3085 CVE-2026-39043 CVE-2026-39044}
+	[trixie] - gst-plugins-good1.0 1.26.2-1+deb13u2
 [21 Jun 2026] DSA-6358-1 libhttp-daemon-perl - security update
 	{CVE-2026-8450}
 	[trixie] - libhttp-daemon-perl 6.16-1+deb13u1


=====================================
data/dsa-needed.txt
=====================================
@@ -38,8 +38,6 @@ firebird4.0
 --
 gst-plugins-bad1.0
 --
-gst-plugins-good1.0 (jmm)
---
 jetty9
 --
 jetty12



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f147c006c15f6b76979b864309b37a646b3c1b2c

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f147c006c15f6b76979b864309b37a646b3c1b2c
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260621/c15c0c69/attachment-0001.htm>


More information about the debian-security-tracker-commits mailing list