[Git][security-tracker-team/security-tracker][master] gstreamer triage

Moritz Muehlenhoff (@jmm) jmm at debian.org
Mon Jun 29 13:24:38 BST 2026



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
63441dd9 by Moritz Muehlenhoff at 2026-06-29T14:24:18+02:00
gstreamer triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -4634,11 +4634,23 @@ CVE-2026-13006 (ACE vulnerability in conditional configuration file processing
 	NOTE: https://logback.qos.ch/news.html#1.5.35
 CVE-2026-12892 (A flaw was found in GStreamer's gst-plugins-bad package. When processi ...)
 	- gst-plugins-bad1.0 <unfixed>
+	[trixie] - gst-plugins-bad1.0 <no-dsa> (Minor issue)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2491321
+	NOTE: https://gstreamer.freedesktop.org/security/sa-2026-0047.html
+	NOTE: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/work_items/5108 (private)
+	NOTE: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/11938
+	NOTE: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/8c6d4df57b531c7b41a5f3bce28d2c7bc98a1d3d (1.29.2)
+	NOTE: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/82c694705e864ab825694464a1a83082cbb976b3 (1.28 branch)
+	NOTE: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/dfd0be05499d3315b0d125b3be5f06f7ace52259 (1.26 branch)
 CVE-2026-12891 (A flaw was found in the GStreamer gst-plugins-bad package. When proces ...)
 	- gst-plugins-bad1.0 <unfixed>
+	[trixie] - gst-plugins-bad1.0 <no-dsa> (Minor issue)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2491318
+	NOTE: https://gstreamer.freedesktop.org/security/sa-2026-0048.html
 	NOTE: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/work_items/5109 (private)
+	NOTE: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/eec42c2fedda888085d3356b3a5af1ada86f5746 (1.29.2)
+	NOTE: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/89313b6ddd69f7495e61adfaa5137e430668d660 (1.28 branch)
+	NOTE: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/dbf50dce3154ec4aa9d3858110761f3479a0f002 (1.26 branch)
 CVE-2026-12851 (Multiple OS command injection vulnerabilities exist in the libNetSetOb ...)
 	NOT-FOR-US: GeoVision
 CVE-2026-12850 (Multiple OS command injection vulnerabilities exist in the libNetSetOb ...)
@@ -9321,17 +9333,28 @@ CVE-2026-53430 (Improper Handling of Highly Compressed Data (Data Amplification)
 	NOT-FOR-US: elixir-grpc grpc
 CVE-2026-52722 (A signed integer overflow vulnerability was found in GStreamer's VMnc  ...)
 	- gst-plugins-bad1.0 <unfixed>
+	[trixie] - gst-plugins-bad1.0 <no-dsa> (Minor issue)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2486733
+	NOTE: https://gstreamer.freedesktop.org/security/sa-2026-0046.html
 	NOTE: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/work_items/5107 (private)
+	NOTE: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/6c146775d784bbe91ff7afc6701ba351306282ce (1.29.2)
+	NOTE: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/d30966b87f3a1358b01ec404607f6c9b2f10e9f7 (1.26 branch)
 CVE-2026-52721 (Multiple out-of-bounds read vulnerabilities were found in GStreamer's  ...)
 	- gst-plugins-bad1.0 <unfixed> (unimportant)
+	[trixie] - gst-plugins-bad1.0 <no-dsa> (Minor issue)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2486732
+	NOTE: https://gstreamer.freedesktop.org/security/sa-2026-0045.html
 	NOTE: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/work_items/5106 (private)
+	NOTE: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/3833dd745ef7b1cd5f699c90897ecca3ef09c59b (1.29.2)
 	NOTE: Negligible security impact
 CVE-2026-52720 (A heap buffer overflow vulnerability was found in GStreamer's librfb ( ...)
 	- gst-plugins-bad1.0 <unfixed>
+	[trixie] - gst-plugins-bad1.0 <no-dsa> (Minor issue)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2486731
+	NOTE: https://gstreamer.freedesktop.org/security/sa-2026-0043.html
 	NOTE: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/work_items/5105 (private)
+	NOTE: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/f3b66928a194b32b27fac3c3379d3d20e5966442 (1.29.2)
+	NOTE: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/1ca88138fb0f8562861956b66a0c98406bcb7370 (1.26 branch)
 CVE-2026-52703 (Unauthenticated Path Traversal in FastDup <= 2.7.2 versions.)
 	NOT-FOR-US: WordPress plugin or theme
 CVE-2026-52702 (Unauthenticated Cross Site Scripting (XSS) in SEO Redirection <= 9.17  ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/63441dd973fb19e7176f0974e4f0d28f4de1fb0d

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/63441dd973fb19e7176f0974e4f0d28f4de1fb0d
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260629/f74fbae9/attachment.htm>


More information about the debian-security-tracker-commits mailing list