Your message dated Sat, 26 Apr 2025 11:49:24 +0200 with message-id <bf45258a-d274-43d3-9add-e6a86fa8a6d1@debian.org> and subject line Re: Bug#1103999: unblock: yelp-xsl/42.1-3 has caused the Debian Bug report #1103999, regarding unblock: yelp-xsl/42.1-3 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact owner@bugs.debian.org immediately.) -- 1103999: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1103999 Debian Bug Tracking System Contact owner@bugs.debian.org with problems
--- Begin Message ---
- To: Debian Bug Tracking System <submit@bugs.debian.org>
- Subject: unblock: yelp-xsl/42.1-3
- From: Jeremy Bícha <jeremy.bicha@canonical.com>
- Date: Wed, 23 Apr 2025 15:08:43 -0400
- Message-id: <[🔎] CAD+GYvzzRCTZL6xvTZVuOmXuAggXAPbA6EaUzCn5d5UyCe0ESQ@mail.gmail.com>
Package: release.debian.org Control: affects -1 + src:yelp-xsl X-Debbugs-Cc: yelp-xsl@packages.debian.org User: release.debian.org@packages.debian.org Usertags: unblock Please allow yelp-xsl 42.1-3 to migrate faster than 10 days. [ Reason ] This is the yelp-xsl part of the security fix for https://security-tracker.debian.org/tracker/CVE-2025-3839 [ Impact ] The security vulnerability is both more severe and more widely discussed than other recent GNOME CVEs. https://blogs.gnome.org/mcatanzaro/2025/04/15/dangerous-arbitrary-file-read-vulnerability-in-yelp-cve-2025-3155/ [ Tests ] I simply copied the security fix that Ubuntu released today https://ubuntu.com/security/notices/USN-7447-1 I also did a manual test to ensure that opening GNOME help pages still works as expected. [ Risks ] Key package but we're using the same security fix Ubuntu pushed. [ Checklist ] [✅] all changes are documented in the d/changelog [✅] I reviewed all changes and I approve them [N/A] attach debdiff against the package in testing Thank you, Jeremy Bícha
--- End Message ---
--- Begin Message ---
- To: Jeremy Bícha <jeremy.bicha@canonical.com>, 1103999-done@bugs.debian.org
- Subject: Re: Bug#1103999: unblock: yelp-xsl/42.1-3
- From: Paul Gevers <elbrus@debian.org>
- Date: Sat, 26 Apr 2025 11:49:24 +0200
- Message-id: <bf45258a-d274-43d3-9add-e6a86fa8a6d1@debian.org>
- In-reply-to: <[🔎] CAD+GYvzzRCTZL6xvTZVuOmXuAggXAPbA6EaUzCn5d5UyCe0ESQ@mail.gmail.com>
- References: <[🔎] CAD+GYvzzRCTZL6xvTZVuOmXuAggXAPbA6EaUzCn5d5UyCe0ESQ@mail.gmail.com>
Hi, On 23-04-2025 21:08, Jeremy Bícha wrote:The security vulnerability is both more severe and more widely discussed than other recent GNOME CVEs.But not fixed yet in d-security? Even marked as "minor issue" for bullseye, is that an incorrect assessment by the LTS team?Anyways: urgent yelp-xsl/42.1-4 PaulAttachment: OpenPGP_signature.asc
Description: OpenPGP digital signature
--- End Message ---