[Git][security-tracker-team/security-tracker][master] CVE-2026-1940,CVE-2026-3083,CVE-2026-3085/gst-plugins-good1.0: bullseye postponed

Sylvain Beucler (@beuc) gitlab at salsa.debian.org
Tue Mar 24 15:40:19 GMT 2026 


Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker


Commits:
59f722a0 by Sylvain Beucler at 2026-03-24T16:34:30+01:00
CVE-2026-1940,CVE-2026-3083,CVE-2026-3085/gst-plugins-good1.0: bullseye postponed

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -6515,12 +6515,14 @@ CVE-2026-3083 (GStreamer rtpqdm2depay Out-Of-Bounds Write Remote Code Execution
 	- gst-plugins-good1.0 1.28.1-1
 	[trixie] - gst-plugins-good1.0 <no-dsa> (Minor issue)
 	[bookworm] - gst-plugins-good1.0 <no-dsa> (Minor issue)
+	[bullseye] - gst-plugins-good1.0 <postponed> (Minor issue, obsolete codec, dropped upstream as a fix)
 	NOTE: https://gstreamer.freedesktop.org/security/sa-2026-0008.html
 	NOTE: Fixed by: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/8349cdd35f85246e113b18e55fd11abf9cb248bf (main)
 CVE-2026-3085 (GStreamer rtpqdm2depay Heap-based Buffer Overflow Remote Code Executio ...)
 	- gst-plugins-good1.0 1.28.1-1
 	[trixie] - gst-plugins-good1.0 <no-dsa> (Minor issue)
 	[bookworm] - gst-plugins-good1.0 <no-dsa> (Minor issue)
+	[bullseye] - gst-plugins-good1.0 <postponed> (Minor issue, obsolete codec, dropped upstream as a fix)
 	NOTE: https://gstreamer.freedesktop.org/security/sa-2026-0008.html
 	NOTE: Fixed by: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/8349cdd35f85246e113b18e55fd11abf9cb248bf (main)
 CVE-2026-2923 (GStreamer DVB Subtitles Out-Of-Bounds Write Remote Code Execution Vuln ...)
@@ -6565,6 +6567,7 @@ CVE-2026-1940 (An incomplete fix for CVE-2024-47778 allows an out-of-bounds read
 	- gst-plugins-good1.0 1.28.1-1
 	[trixie] - gst-plugins-good1.0 <no-dsa> (Minor issue)
 	[bookworm] - gst-plugins-good1.0 <no-dsa> (Minor issue)
+	[bullseye] - gst-plugins-good1.0 <postponed> (Minor issue, OOB read)
 	NOTE: https://gstreamer.freedesktop.org/security/sa-2026-0001.html
 	NOTE: Fixed by: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/ce2e822775bc5d192009617827bb6e9f0f98ca22 (main)
 	NOTE: Fixed by: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/e7789e43cc9cf409e973949ebb4107c49c7ce4cd (main)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/59f722a02285b1291d02de445c7090d5bd6caef6

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/59f722a02285b1291d02de445c7090d5bd6caef6
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260324/545d9e06/attachment.htm>

More information about the debian-security-tracker-commits mailing list