[Git][security-tracker-team/security-tracker][master] 2 commits: CVE-2026-2920,2922: add gst-plugins-ugly1.0 fixes for lts branches
Carlos Henrique Lima Melara (@charles)
gitlab at salsa.debian.org
Sun Mar 22 14:31:02 GMT 2026
Carlos Henrique Lima Melara pushed to branch master at Debian Security Tracker / security-tracker
Commits:
70de88b5 by Carlos Henrique Lima Melara at 2026-03-22T11:24:24-03:00
CVE-2026-2920,2922: add gst-plugins-ugly1.0 fixes for lts branches
- - - - -
2e29240d by Carlos Henrique Lima Melara at 2026-03-22T11:26:32-03:00
LTS: add gst-plugins-ugly1.0 to dla-needed.txt
- - - - -
2 changed files:
- data/CVE/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -5802,11 +5802,20 @@ CVE-2026-2920 (GStreamer ASF Demuxer Heap-based Buffer Overflow Remote Code Exec
- gst-plugins-ugly1.0 1.28.1-1
NOTE: https://gstreamer.freedesktop.org/security/sa-2026-0006.html
NOTE: Fixed by: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/37d7991168a223d0810fd1f4493ec6a8b6a510d3 (main)
+ NOTE: Fixed by: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/8f9c0adbe615caf95cf711d4548038db19e5749a (1.28.1)
+ NOTE: Fixed by: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/3dc4244f030a0af077b9f87fd8ad50d4032428ef (1.26.11)
+ NOTE: Fixed by: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/9f9d1f664546d99e5ca0c3ced216e76dd08b409f (1.24 branch)
CVE-2026-2922 (GStreamer RealMedia Demuxer Out-Of-Bounds Write Remote Code Execution ...)
- gst-plugins-ugly1.0 1.28.1-1
NOTE: https://gstreamer.freedesktop.org/security/sa-2026-0005.html
NOTE: Fixed by: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/8a17c9d183ca3cfb5e97ae3b3f344ba79f8859df (main)
NOTE: Fixed by: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/cfc74588fca99328419eb16921fa559739a7b503 (main)
+ NOTE: Fixed by: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/cb184dad2cdec285f8d8f2b2388edfd03c1b2cf8 (1.28.1)
+ NOTE: Fixed by: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/3bcbda6795291c087737f0d0d7e0829c091d8b17 (1.28.1)
+ NOTE: Fixed by: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/4ce6a65ea4440afab9a1b35334c6d100de5cf0a3 (1.26.11)
+ NOTE: Fixed by: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/2d0c93dbc2307a1a1d0e067e725ba6a457729bb7 (1.26.11)
+ NOTE: Fixed by: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/d88688c8ae0c58e39d3c6757353f338afe615f7e (1.24 branch)
+ NOTE: Fixed by: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/18519ccebb07b9e88c2c2ec2f0b747bfe7d7fe2f (1.24 branch)
CVE-2026-2921 (GStreamer RIFF Palette Integer Overflow Remote Code Execution Vulnerab ...)
{DSA-6167-1}
- gst-plugins-base1.0 1.28.1-1
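Review bot: In the CVE-2026-2922 entry, the six added "Fixed by" lines give two commits per branch (1.28.1, 1.26.11, 1.24 branch), but nothing says which of the two (main) commits each one backports, so anyone preparing the LTS upload has to open every link to pair them up. Listing each pair in the same order as the (main) lines, or annotating each backport with the short hash of the main commit it corresponds to, would make the mapping explicit. The "(1.24 branch)" label is also of a different kind from "(1.28.1)" and "(1.26.11)", in both this entry and CVE-2026-2920: the latter read as release versions and the former as a branch name, so it is worth confirming the difference is intentional.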
=====================================
data/dla-needed.txt
=====================================
@@ -158,6 +158,10 @@ gst-plugins-base1.0
NOTE: 20260315: Added by Front-Desk (dleidert)
NOTE: 20260315: Follow DSA when released (dleidert/front-desk)
--
+gst-plugins-ugly1.0
+ NOTE: 20260322: Added by Front-Desk (charles)
+ NOTE: 20260322: In dsa-needed, coordinate with secteam (charles)
+--
gvfs
NOTE: 20260228: Added by Front-Desk (charles)
NOTE: 20260228: CVE-2026-28296 is the greater problem, users connecting to a
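Review bot: The new gst-plugins-ugly1.0 entry does not say which issues it covers; its two NOTE lines record only who added it and that the package is in dsa-needed. A further NOTE naming CVE-2026-2920 and CVE-2026-2922, the entries updated in data/CVE/list in the same push, would let whoever claims the package see the scope without searching the tracker, in the way the gvfs entry below cites CVE-2026-28296.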
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/f08f457c391e9c453b565d3ba90d37bfe2af94ff...2e29240d125ba211390dc0999bd96fe04bf729e5