I posted the wrong CVE link. For yelp and yelp-xsl it is https://security-tracker.debian.org/tracker/CVE-2025-3155 Thank you, Jeremy Bícha