-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-5927-1 security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff May 28, 2025 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : yelp CVE ID : CVE-2025-3155 It was discovered that Yelp, the help browser for the GNOME desktop, allowed help files to execute arbitrary scripts. Opening a malformed help file could have resulted in data exfiltration. For the stable distribution (bookworm), this problem has been fixed in version 42.2-1+deb12u1 of yelp and version 42.1-2+deb12u1 of yelp-xsl. We recommend that you upgrade your yelp packages. For the detailed security status of yelp please refer to its security tracker page at: https://security-tracker.debian.org/tracker/yelp Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmg3UEMACgkQEMKTtsN8 TjaEKw//SpvFBvI57zp8OmUKqBDIReXZe3exDzw69wQzp+byTOp50d91X3NWSDyf C8/OelDY0CV++SQE1to12qvgZq3sIDnyJ2++H1X4FSJtlZRCIz2fxDgTT0xF5asv WtveyohgkSNYm2StTVKJ6iIueiqgVoIwwoKIHKMpWZGwNauOjiEfxdIYsnqI7rDt IfGnEvIK0c6k6sV7tLn501jS+mnzLDTU026VSHZLc/BV+FyC852ZtHkmwgv9M8T0 d2FAcaObIcZS3uYZvkA4vuZQikA7GpTuteevZkAjZUbvkcQtN0Nhez4+CYND3kKb 3oAMDQUdZ94+rODs+fWAbT7oEZAzB4YrlJJRsoKp137569HbPfjPqISlAZO7tPF7 EST7dtrW+/Bs6FsBfIumYE9NQ5wCIhPNHGokwnd6ngwvdDIlvhoZ43v9cPc4cL71 i3jM0wkuUpciO5rgBW9KpgLH9NIkZDu/uMvMfAmL7bHZ6L5lpNsaJNag688A0Cf2 YCZO5nkMTJHPnojls3NAljoLiW8Gcu6uKP8yAd3t2TpthTQfjcdhQrRIEMlU3xUs fkECq0BwC1oTA/ORpYppjKa1uBH1Da0sE/EWoBFqlPplfmSyymUviBJn7yo4ueoi RG2hGcpn6pN28hGcEkgxlolTtc5DFTNupKkClrTMf1IduEsBZZQ= =tHAo -----END PGP SIGNATURE-----