Hello GStreamer Team,
I am reviewing the security advisories published on February 25, 2026 (GStreamer-SA-2026-0001 through GStreamer-SA-2026-0012).
I noticed that while several entries include CVE identifiers, others—specifically SA-2026-0012 and SA-2026-0002—currently lack this data.
Could you please provide an estimated timeline for when the CVE information for these remaining entries will be assigned and published?
Thank you.
Best regards,
Hetal Shah
GStreamer-SA-2026-0002: we have been told by the reporter that a CVE identifier has been requested by MITRE and is currently pending, but have not had further responses about that.
GStreamer-SA-2026-0012: this is more of a courtesy notice for distributors, since it was fixed en passant with the H.266 bug. We have not requested an CVE identifier and do not intend to do so. If you want to request one, please feel free to do so and let us know the assigned ID. Thanks.