[SECURITY] [DLA 4185-1] yelp-xsl security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 4185-1] yelp-xsl security update
From: Lucas Kanashiro <kanashiro@debian.org>
Date: Wed, 28 May 2025 15:32:07 -0300
Message-id: <[🔎] 8fb53d8233cecc9fc3da7c4235357ef6@debian.org>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-4185-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                      Lucas Kanashiro
May 28, 2025                                  https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : yelp-xsl
Version        : 3.38.3-1+deb11u1
CVE ID         : CVE-2025-3155
Debian Bug     : #1102080

A flaw was found in Yelp. The Gnome user help application allows the help
document to execute arbitrary scripts. This vulnerability allows malicious
users to input help documents, which may exfiltrate user files to an external
environment.

For Debian 11 bullseye, this problem has been fixed in version
3.38.3-1+deb11u1.

We recommend that you upgrade your yelp-xsl packages.

For the detailed security status of yelp-xsl please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/yelp-xsl

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEjtbD+LrJ23/BMKhw+COicpiDyXwFAmg3VoIACgkQ+COicpiD
yXw/5A/+MT8ALRhKL6w1HdJ40xP/75ZM1ecxB4u4Edh8xTBWysDnwyQRKRv9ysD/
5nqgIe/z96Cn50XsDi18XXKAEmRZmkIo+megZAhZ6/qk8Mcj7uJ23b252NrezFka
njSdDUwj7rmV+SXFX1rRy/RneGFa9+oTPSxAJulsmOezJEzp93QWJwzYJp6I4Vyx
Y0g5B2rr4jtMCQu2T6nXe8FrwJmPhDJrdoBMEIbZEDlJfTX5S4PL7m0ZrNOdPJvc
6mL65phinTXLtZV2W+WDeElDuxVPWHTqXtef70vVsbhWwUrTWahu7quLLSmyGaWV
JrP43FV2tGHE609JfAHU99DWebkG1BUdsunggl+Y0bEEDHooV6S4W2jqqvN9Ptvz
ZeTn9tuMby++KM1Poav74d3I5XHinVRb2IHkAg4YhzZWojHk+GRvU6BWdyXqdv07
fcW1FMb2RXwacYDHJirH7gvujwedDZF4hGItarD/ttOMNtLQpSObv211+PugooTk
lbuDX2qZWfE24oYkZt4nVtN3muHYY0sGbPImPVS4iX5lWK1ioTGQT+7g2XW+ZxxP
3MyCWqr60wagWyaYun8OaRUryJIpZ+1imgMIumgo0CyojoIByiuHisCvNiDA8ZOw
uoiRD8AJeE9XXZ3g8wPpXAx76kBcmEaYy77PzJjZH+uIPSXfVM0=
=xB2j
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 4184-1] yelp security update
Next by Date: [SECURITY] [DLA 4188-1] python-tornado security update
Previous by thread: [SECURITY] [DLA 4184-1] yelp security update
Next by thread: [SECURITY] [DLA 4188-1] python-tornado security update
Index(es):
- Date
- Thread