Debian alert DLA-4184-1 (yelp)

From:
             
 
Lucas Kanashiro <kanashiro@debian.org>
To:
             
 
debian-lts-announce@lists.debian.org
Subject:
             
 
[SECURITY] [DLA 4184-1] yelp security update
Date:
             
 
Wed, 28 May 2025 15:30:17 -0300
Message-ID:
             
 
<3728ebcdbf96025ea73d1d41cfc02ea7@debian.org>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-4184-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                      Lucas Kanashiro
May 28, 2025                                  https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : yelp
Version        : 3.38.3-1+deb11u1
CVE ID         : CVE-2025-3155
Debian Bug     : #1102080

A flaw was found in Yelp. The Gnome user help application allows the help
document to execute arbitrary scripts. This vulnerability allows malicious
users to input help documents, which may exfiltrate user files to an external
environment.

For Debian 11 bullseye, this problem has been fixed in version
3.38.3-1+deb11u1.

We recommend that you upgrade your yelp packages.

For the detailed security status of yelp please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/yelp

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEjtbD+LrJ23/BMKhw+COicpiDyXwFAmg3VcoACgkQ+COicpiD
yXymnRAAseztw17HDOiYYEgVxfqQu9K1EZ4Xip0mEv2DlwuQWkW+9IYxumfgmNB6
PqnzFTMwT7sQ7Ulj1e++jmFgRE3LEW+awr49tdKCa9lH4jBzVmMwtN4JEJR1ztYQ
9kx6w+ze7fjVQtMIosLe68fQGgVPNQu5ZSRbvHjeOK5x14xK6MyD9zTubamMblkQ
R23Tvx+5HYur81Nk2zkOA3Jd7kSU90i8znyk5H5k8F7paHy6+rAtBKJkfN6SqGjO
1LKTwoBzoUQaLqJZv1LtR1GAQS+1PlkOmr8T2nP3/liR/7VyOJyA6Xgti5gp89M3
D+5KHpdetpwc7lXvF92k+29MJFCFz4ZboPHgfFcl5q+1yoSB7Y2Ofmy8fTkPWrdB
yNrmU/9GTomM2RRvMCV6PUI9DXPBlNHFxu6mJX1ObqyVSnrKBwNhJ5U6UInVr7xc
LOHeD0OV6YghKbXJ5aG92oT2WM75SDwViWF2/Pit5cGVcfMN7kdXM+RWgwwul+IR
TiNZ27BFEYvaiPKKOWqF6KduFA83oLTU2/Bu+c0FgptlxbzZsqFt2oRH5Lq/TQAq
qw6Qi5QEdy3a3A0hPMurn8v59zXYuEiId4YmbhBOTKLXC7uQqd0GQG8M4V5LpPpj
lRQKkjS7Ar8ftg87XFo4uArCc5gmAAj0Dl/wLK7pT+Lp39YPJSU=
=grwx
-----END PGP SIGNATURE-----