Debian alert DSA-6190-1 (gst-plugins-bad1.0)
| From: | Moritz Muehlenhoff <jmm@debian.org> | |
| To: | debian-security-announce@lists.debian.org | |
| Subject: | [SECURITY] [DSA 6190-1] gst-plugins-bad1.0 security update | |
| Date: | Wed, 01 Apr 2026 20:19:38 +0000 | |
| Message-ID: | <ac192qgusjtaaIbY@seger.debian.org> |
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-6190-1 security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff April 01, 2026 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : gst-plugins-bad1.0 CVE ID : CVE-2026-2923 CVE-2026-3081 CVE-2026-3082 CVE-2026-3084 CVE-2026-3086 Multiple multiple vulnerabilities were discovered in plugins for the GStreamer media framework and its codecs and demuxers, which may result in denial of service or potentially the execution of arbitrary code if a malformed media file is opened. For the oldstable distribution (bookworm), these problems have been fixed in version 1.22.0-4+deb12u7. For the stable distribution (trixie), these problems have been fixed in version 1.26.2-3+deb13u1. We recommend that you upgrade your gst-plugins-bad1.0 packages. For the detailed security status of gst-plugins-bad1.0 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/gst-plugins-b... Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmnNfJIACgkQEMKTtsN8 Tja0rg/+Pm0KIrawugyvYi/R4S4Go4NBgkPy1swhPS3wBqFKZMr4PteoPJrOUYxV sjh1gAygUBY0l17NBhu9uNSE9+d4OG6TbVSZjY6fWd7rA4ViseKyWIy8YcRnJ/zX /WM+uoiSV+NRl+yIbIJwXGZs9N4tvGzYTa69FFtUMbTHQZr9S0IFFSmf+BXgNzVF s7KOZFE5dTYY/GGIVR9J6CPBjioBWNZuPg3HUAh30Mq0Pqx6b7aXenFDOJ6eA87I SwmB6ysfeSYPcER52s1PDi6I4nJTY8lMMbJFLLMpyo+sTYYu3xXeP4tdhdywiAzY hMTnr3JXrWmPQjX1jdUM/YsKwpvi+tqDwoXAe7MmQvoBe4UYBZ3z0mNYlaiyV1Bv Mc8l/czQY8M7NDTLBbNPNPyOPhD5FfRUI0iqxaZkFjyiVnNdpF67EJv+Ne+ZiFjA AzxyYH2r33nge1KybC6Tu1btFpazm9G0Vn7Xsi2ZpN29A1+JxKfTvu2zwjjAPPbI I1RlBd1KAuyExsiXgX8+Bbz8vCfZoTebGNgeWHSlu/yIOo5bhPdz7SH2hTWHHyJI MJmAyJROMSnPwjRU+cUN56ncyVVEYlQoFR5vMsOu0lsDkvVX60pEIbm+OxP+4E0H Ro153/21fWdsXQR+ovhVfSJKjQsZLnSI9lZiK2B3RbcvxQoJMSE= =f+vf -----END PGP SIGNATURE-----