[Git][security-tracker-team/security-tracker][master] Add new set of gstreamer related CVEs

[Salvatore Bonaccorso (@carnil)]

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f40bc2da by Salvatore Bonaccorso at 2026-03-10T13:37:39+01:00
Add new set of gstreamer related CVEs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,57 @@
+CVE-2026-3084
+	- gst-plugins-bad1.0 1.28.1-1 (bug #1130059)
+	[bookworm] - gst-plugins-bad1.0 <not-affected> (Vulnerable code not present)
+	[bullseye] - gst-plugins-bad1.0 <not-affected> (Vulnerable code not present)
+	NOTE: https://gstreamer.freedesktop.org/security/sa-2026-0011.html
+	NOTE: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/10887
+	NOTE: Fixed by: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/81d8a555c06e8be51da6c6344eb52f91bf2b15f6 (main)
+CVE-2026-3081
+	- gst-plugins-bad1.0 1.28.1-1 (bug #1130059)
+	[bookworm] - gst-plugins-bad1.0 <not-affected> (Vulnerable code not present)
+	[bullseye] - gst-plugins-bad1.0 <not-affected> (Vulnerable code not present)
+	NOTE: https://gstreamer.freedesktop.org/security/sa-2026-0010.html
+	NOTE: Fixed by: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/3a4a2c220de5714ecb18822f3a3f395f04d84886 (main)
+CVE-2026-3086
+	- gst-plugins-bad1.0 1.28.1-1 (bug #1130059)
+	[bookworm] - gst-plugins-bad1.0 <not-affected> (Vulnerable code not present)
+	[bullseye] - gst-plugins-bad1.0 <not-affected> (Vulnerable code not present)
+	NOTE: https://gstreamer.freedesktop.org/security/sa-2026-0009.html
+	NOTE: Fixed by: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/aa1f5a80085ef65154a982dd3b23181100265c7e (main)
+CVE-2026-3083
+	- gst-plugins-good1.0 1.28.1-1
+	NOTE: https://gstreamer.freedesktop.org/security/sa-2026-0008.html
+	NOTE: Fixed by: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/8349cdd35f85246e113b18e55fd11abf9cb248bf (main)
+CVE-2026-3085
+	- gst-plugins-good1.0 1.28.1-1
+	NOTE: https://gstreamer.freedesktop.org/security/sa-2026-0008.html
+	NOTE: Fixed by: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/8349cdd35f85246e113b18e55fd11abf9cb248bf (main)
+CVE-2026-2923
+	- gst-plugins-bad1.0 1.28.1-1 (bug #1130059)
+	NOTE: https://gstreamer.freedesktop.org/security/sa-2026-0007.html
+	NOTE: Fixed by: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/1b12d63b4414de80ebf5561823b6a0ac8b734eb1 (main)
+	NOTE: Fixed by: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/3b8253f447bcc9831dbf643d2c69b205fedbe086 (main)
+	NOTE: Fixed by: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/f0a84752aaa09457fcf736c93cecdff34ec0bfb2 (main)
+CVE-2026-2920
+	- gst-plugins-ugly1.0 1.28.1-1
+	NOTE: https://gstreamer.freedesktop.org/security/sa-2026-0006.html
+	NOTE: Fixed by: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/37d7991168a223d0810fd1f4493ec6a8b6a510d3 (main)
+CVE-2026-2922
+	- gst-plugins-ugly1.0 1.28.1-1
+	NOTE: https://gstreamer.freedesktop.org/security/sa-2026-0005.html
+	NOTE: Fixed by: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/8a17c9d183ca3cfb5e97ae3b3f344ba79f8859df (main)
+	NOTE: Fixed by: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/cfc74588fca99328419eb16921fa559739a7b503 (main)
+CVE-2026-2921
+	- gst-plugins-base1.0 1.28.1-1
+	NOTE: https://gstreamer.freedesktop.org/security/sa-2026-0004.html
+	NOTE: Fixed by: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/66d1f79c78b573db714434cf08e7531bed4f4473 (main)
+CVE-2026-1940
+	- gst-plugins-bad1.0 1.28.1-1 (bug #1130059)
+	NOTE: https://gstreamer.freedesktop.org/security/sa-2026-0001.html
+	NOTE: Fixed by: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/1171ae8ac218ea85f8dc41203a2ee146ff322a20 (main)
+	NOTE: Fixed by: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/3564405b6919469427750f6b89d4abbe43534fa2 (main)
+	NOTE: Fixed by: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/c73a1f4427ecb2e77d00fdd9576bd9864cfaba97 (main)
+	NOTE: Fixed by: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/8822ee3b2397d865c21cbbd8e36fb2d64d6ab380 (main)
+	NOTE: Fixed by: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/081484ec99aa75fe24b3286d88e1f1280deea56a (main)
 CVE-2026-3585 (The The Events Calendar plugin for WordPress is vulnerable to Path Tra ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2026-31816 (Budibase is a low code platform for creating internal tools, workflows ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f40bc2da5e80b8276ddea923106659218f4ef821

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f40bc2da5e80b8276ddea923106659218f4ef821
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260310/a45045bb/attachment.htm>