Date: Sat, 07 Mar 2026 08:36:51 +0000 From: Jason E. Hale <jhale@FreeBSD.org> To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org Subject: git: 39bb3e53d8ab - main - security/vuxml: Add GStreamer1 < 1.28.1 Message-ID: <69abe3a3.27e83.14bfca0c@gitrepo.freebsd.org>
index | next in thread | raw e-mail
The branch main has been updated by jhale: URL: https://cgit.FreeBSD.org/ports/commit/?id=39bb3e53d8abf5b5f8d91f2225518cdd4d19a8d7 commit 39bb3e53d8abf5b5f8d91f2225518cdd4d19a8d7 Author: Jason E. Hale <jhale@FreeBSD.org> AuthorDate: 2026-03-07 08:20:54 +0000 Commit: Jason E. Hale <jhale@FreeBSD.org> CommitDate: 2026-03-07 08:36:42 +0000 security/vuxml: Add GStreamer1 < 1.28.1 https://gstreamer.freedesktop.org/security/ --- security/vuxml/vuln/2026.xml | 70 ++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 70 insertions(+) diff --git a/security/vuxml/vuln/2026.xml b/security/vuxml/vuln/2026.xml index ded5ea1187e9..d00d5f629e23 100644 --- a/security/vuxml/vuln/2026.xml +++ b/security/vuxml/vuln/2026.xml @@ -1,3 +1,73 @@ + <vuln vid="791d4b29-19fb-11f1-87cc-e73692421fef"> + <topic>gstreamer1 -- multiple vulnerabilities</topic> + <affects> + <package> + <name>gstreamer1</name> + <range><lt>1.28.1</lt></range> + </package> + <package> + <name>gstreamer1-plugins</name> + <range><lt>1.28.1</lt></range> + </package> + <package> + <name>gstreamer1-plugins-good</name> + <range><lt>1.28.1</lt></range> + </package> + <package> + <name>gstreamer1-plugins-bad</name> + <range><lt>1.28.1</lt></range> + </package> + <package> + <name>gstreamer1-plugins-ugly</name> + <range><lt>1.28.1</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml">; + <p>The GStreamer project reports multiple security vulnerabilities fixed in the 1.28.1 release:</p> + <blockquote cite="https://gstreamer.freedesktop.org/security/">; + <p>Twelve security vulnerabilities were addressed, including:</p> + <ul> + <li>Out-of-bounds reads and writes in the H.266 video parser, WAV parser, + MP4 and ASF demuxers, and DVB subtitle decoder.</li> + <li>Integer overflows in the RIFF parser and Huffman table handling in the JPEG parser.</li> + <li>Stack buffer overflows in the RTP QDM2 depayloader and H.266 parser.</li> + </ul> + <p>These could lead to application crashes or potentially arbitrary code execution.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2026-1940</cvename> + <cvename>CVE-2026-3082</cvename> + <cvename>CVE-2026-2921</cvename> + <cvename>CVE-2026-2922</cvename> + <cvename>CVE-2026-2920</cvename> + <cvename>CVE-2026-2923</cvename> + <cvename>CVE-2026-3083</cvename> + <cvename>CVE-2026-3085</cvename> + <cvename>CVE-2026-3086</cvename> + <cvename>CVE-2026-3081</cvename> + <cvename>CVE-2026-3084</cvename> + <url>https://gstreamer.freedesktop.org/security/sa-2026-0001.html</url>; + <url>https://gstreamer.freedesktop.org/security/sa-2026-0002.html</url>; + <url>https://gstreamer.freedesktop.org/security/sa-2026-0003.html</url>; + <url>https://gstreamer.freedesktop.org/security/sa-2026-0004.html</url>; + <url>https://gstreamer.freedesktop.org/security/sa-2026-0005.html</url>; + <url>https://gstreamer.freedesktop.org/security/sa-2026-0006.html</url>; + <url>https://gstreamer.freedesktop.org/security/sa-2026-0007.html</url>; + <url>https://gstreamer.freedesktop.org/security/sa-2026-0008.html</url>; + <url>https://gstreamer.freedesktop.org/security/sa-2026-0009.html</url>; + <url>https://gstreamer.freedesktop.org/security/sa-2026-0010.html</url>; + <url>https://gstreamer.freedesktop.org/security/sa-2026-0011.html</url>; + <url>https://gstreamer.freedesktop.org/security/sa-2026-0012.html</url>; + </references> + <dates> + <discovery>2026-02-25</discovery> + <entry>2026-03-07</entry> + </dates> + </vuln> + <vuln vid="10319b08-f050-4beb-95e3-fe025cdafd25"> <topic>oauth2-proxy -- multiple vulnerabilities</topic> <affects>home | help
Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?69abe3a3.27e83.14bfca0c>