Bug#1103999: marked as done (unblock: yelp-xsl/42.1-3)

To: Paul Gevers <elbrus@debian.org>
Subject: Bug#1103999: marked as done (unblock: yelp-xsl/42.1-3)
From: "Debian Bug Tracking System" <owner@bugs.debian.org>
Date: Sat, 26 Apr 2025 09:51:02 +0000
Message-id: <[🔎] handler.1103999.D1103999.1745660966935286.ackdone@bugs.debian.org>
Reply-to: 1103999@bugs.debian.org
References: <bf45258a-d274-43d3-9add-e6a86fa8a6d1@debian.org> <[🔎] CAD+GYvzzRCTZL6xvTZVuOmXuAggXAPbA6EaUzCn5d5UyCe0ESQ@mail.gmail.com>

Your message dated Sat, 26 Apr 2025 11:49:24 +0200
with message-id <bf45258a-d274-43d3-9add-e6a86fa8a6d1@debian.org>
and subject line Re: Bug#1103999: unblock: yelp-xsl/42.1-3
has caused the Debian Bug report #1103999,
regarding unblock: yelp-xsl/42.1-3
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
1103999: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1103999
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems

--- Begin Message ---

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: unblock: yelp-xsl/42.1-3
From: Jeremy Bícha <jeremy.bicha@canonical.com>
Date: Wed, 23 Apr 2025 15:08:43 -0400
Message-id: <[🔎] CAD+GYvzzRCTZL6xvTZVuOmXuAggXAPbA6EaUzCn5d5UyCe0ESQ@mail.gmail.com>

Package: release.debian.org
Control: affects -1 + src:yelp-xsl
X-Debbugs-Cc: yelp-xsl@packages.debian.org
User: release.debian.org@packages.debian.org
Usertags: unblock

Please allow yelp-xsl 42.1-3 to migrate faster than 10 days.

[ Reason ]
This is the yelp-xsl part of the security fix for
https://security-tracker.debian.org/tracker/CVE-2025-3839

[ Impact ]
The security vulnerability is both more severe and more widely
discussed than other recent GNOME CVEs.

https://blogs.gnome.org/mcatanzaro/2025/04/15/dangerous-arbitrary-file-read-vulnerability-in-yelp-cve-2025-3155/

[ Tests ]
I simply copied the security fix that Ubuntu released today

https://ubuntu.com/security/notices/USN-7447-1

I also did a manual test to ensure that opening GNOME help pages still
works as expected.

[ Risks ]
Key package but we're using the same security fix Ubuntu pushed.

[ Checklist ]
  [✅] all changes are documented in the d/changelog
  [✅] I reviewed all changes and I approve them
  [N/A] attach debdiff against the package in testing

Thank you,
Jeremy Bícha

--- End Message ---

--- Begin Message ---

To: Jeremy Bícha <jeremy.bicha@canonical.com>, 1103999-done@bugs.debian.org

Subject: Re: Bug#1103999: unblock: yelp-xsl/42.1-3

From: Paul Gevers <elbrus@debian.org>

Date: Sat, 26 Apr 2025 11:49:24 +0200

Message-id: <bf45258a-d274-43d3-9add-e6a86fa8a6d1@debian.org>

In-reply-to: <[🔎] CAD+GYvzzRCTZL6xvTZVuOmXuAggXAPbA6EaUzCn5d5UyCe0ESQ@mail.gmail.com>

References: <[🔎] CAD+GYvzzRCTZL6xvTZVuOmXuAggXAPbA6EaUzCn5d5UyCe0ESQ@mail.gmail.com>
Hi,

On 23-04-2025 21:08, Jeremy Bícha wrote:
The security vulnerability is both more severe and more widely
discussed than other recent GNOME CVEs.
But not fixed yet in d-security? Even marked as "minor issue" forbullseye, is that an incorrect assessment by the LTS team?
Anyways:
urgent yelp-xsl/42.1-4

Paul
Attachment: OpenPGP_signature.asc
Description: OpenPGP digital signature

--- End Message ---

Reply to:

References:
- Bug#1103999: unblock: yelp-xsl/42.1-3
  - From: Jeremy Bícha <jeremy.bicha@canonical.com>

Prev by Date: Bug#1103997: marked as done (unblock: epiphany-browser/48.2-1)
Next by Date: Bug#1103973: marked as done (unblock: hueplusplus/1.2.0+ds-1)
Previous by thread: Processed: unblock: yelp-xsl/42.1-3
Next by thread: Bug#1104000: unblock: pymupdf/1.25.4+ds1-3
Index(es):
- Date
- Thread