Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
63441dd9 by Moritz Muehlenhoff at 2026-06-29T14:24:18+02:00
gstreamer triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -4634,11 +4634,23 @@ CVE-2026-13006 (ACE vulnerability in conditional 
configuration file processing
        NOTE: https://logback.qos.ch/news.html#1.5.35
 CVE-2026-12892 (A flaw was found in GStreamer's gst-plugins-bad package. When 
processi ...)
        - gst-plugins-bad1.0 <unfixed>
+       [trixie] - gst-plugins-bad1.0 <no-dsa> (Minor issue)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2491321
+       NOTE: https://gstreamer.freedesktop.org/security/sa-2026-0047.html
+       NOTE: 
https://gitlab.freedesktop.org/gstreamer/gstreamer/-/work_items/5108 (private)
+       NOTE: 
https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/11938
+       NOTE: 
https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/8c6d4df57b531c7b41a5f3bce28d2c7bc98a1d3d
 (1.29.2)
+       NOTE: 
https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/82c694705e864ab825694464a1a83082cbb976b3
 (1.28 branch)
+       NOTE: 
https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/dfd0be05499d3315b0d125b3be5f06f7ace52259
 (1.26 branch)
 CVE-2026-12891 (A flaw was found in the GStreamer gst-plugins-bad package. 
When proces ...)
        - gst-plugins-bad1.0 <unfixed>
+       [trixie] - gst-plugins-bad1.0 <no-dsa> (Minor issue)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2491318
+       NOTE: https://gstreamer.freedesktop.org/security/sa-2026-0048.html
        NOTE: 
https://gitlab.freedesktop.org/gstreamer/gstreamer/-/work_items/5109 (private)
+       NOTE: 
https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/eec42c2fedda888085d3356b3a5af1ada86f5746
 (1.29.2)
+       NOTE: 
https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/89313b6ddd69f7495e61adfaa5137e430668d660
 (1.28 branch)
+       NOTE: 
https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/dbf50dce3154ec4aa9d3858110761f3479a0f002
 (1.26 branch)
 CVE-2026-12851 (Multiple OS command injection vulnerabilities exist in the 
libNetSetOb ...)
        NOT-FOR-US: GeoVision
 CVE-2026-12850 (Multiple OS command injection vulnerabilities exist in the 
libNetSetOb ...)
@@ -9321,17 +9333,28 @@ CVE-2026-53430 (Improper Handling of Highly Compressed 
Data (Data Amplification)
        NOT-FOR-US: elixir-grpc grpc
 CVE-2026-52722 (A signed integer overflow vulnerability was found in 
GStreamer's VMnc  ...)
        - gst-plugins-bad1.0 <unfixed>
+       [trixie] - gst-plugins-bad1.0 <no-dsa> (Minor issue)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2486733
+       NOTE: https://gstreamer.freedesktop.org/security/sa-2026-0046.html
        NOTE: 
https://gitlab.freedesktop.org/gstreamer/gstreamer/-/work_items/5107 (private)
+       NOTE: 
https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/6c146775d784bbe91ff7afc6701ba351306282ce
 (1.29.2)
+       NOTE: 
https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/d30966b87f3a1358b01ec404607f6c9b2f10e9f7
 (1.26 branch)
 CVE-2026-52721 (Multiple out-of-bounds read vulnerabilities were found in 
GStreamer's  ...)
        - gst-plugins-bad1.0 <unfixed> (unimportant)
+       [trixie] - gst-plugins-bad1.0 <no-dsa> (Minor issue)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2486732
+       NOTE: https://gstreamer.freedesktop.org/security/sa-2026-0045.html
        NOTE: 
https://gitlab.freedesktop.org/gstreamer/gstreamer/-/work_items/5106 (private)
+       NOTE: 
https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/3833dd745ef7b1cd5f699c90897ecca3ef09c59b
 (1.29.2)
        NOTE: Negligible security impact
 CVE-2026-52720 (A heap buffer overflow vulnerability was found in GStreamer's 
librfb ( ...)
        - gst-plugins-bad1.0 <unfixed>
+       [trixie] - gst-plugins-bad1.0 <no-dsa> (Minor issue)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2486731
+       NOTE: https://gstreamer.freedesktop.org/security/sa-2026-0043.html
        NOTE: 
https://gitlab.freedesktop.org/gstreamer/gstreamer/-/work_items/5105 (private)
+       NOTE: 
https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/f3b66928a194b32b27fac3c3379d3d20e5966442
 (1.29.2)
+       NOTE: 
https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/1ca88138fb0f8562861956b66a0c98406bcb7370
 (1.26 branch)
 CVE-2026-52703 (Unauthenticated Path Traversal in FastDup <= 2.7.2 versions.)
        NOT-FOR-US: WordPress plugin or theme
 CVE-2026-52702 (Unauthenticated Cross Site Scripting (XSS) in SEO Redirection 
<= 9.17  ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/63441dd973fb19e7176f0974e4f0d28f4de1fb0d

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/63441dd973fb19e7176f0974e4f0d28f4de1fb0d
You're receiving this email because of your account on salsa.debian.org. Manage 
all notifications: https://salsa.debian.org/-/profile/notifications | Help: 
https://salsa.debian.org/help


_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to