-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 - ------------------------------------------------------------------------- Debian LTS Advisory DLA-4185-1 [email protected] https://www.debian.org/lts/security/ Lucas Kanashiro May 28, 2025 https://wiki.debian.org/LTS - -------------------------------------------------------------------------
Package : yelp-xsl Version : 3.38.3-1+deb11u1 CVE ID : CVE-2025-3155 Debian Bug : #1102080 A flaw was found in Yelp. The Gnome user help application allows the help document to execute arbitrary scripts. This vulnerability allows malicious users to input help documents, which may exfiltrate user files to an external environment. For Debian 11 bullseye, this problem has been fixed in version 3.38.3-1+deb11u1. We recommend that you upgrade your yelp-xsl packages. For the detailed security status of yelp-xsl please refer to its security tracker page at: https://security-tracker.debian.org/tracker/yelp-xsl Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEjtbD+LrJ23/BMKhw+COicpiDyXwFAmg3VoIACgkQ+COicpiD yXw/5A/+MT8ALRhKL6w1HdJ40xP/75ZM1ecxB4u4Edh8xTBWysDnwyQRKRv9ysD/ 5nqgIe/z96Cn50XsDi18XXKAEmRZmkIo+megZAhZ6/qk8Mcj7uJ23b252NrezFka njSdDUwj7rmV+SXFX1rRy/RneGFa9+oTPSxAJulsmOezJEzp93QWJwzYJp6I4Vyx Y0g5B2rr4jtMCQu2T6nXe8FrwJmPhDJrdoBMEIbZEDlJfTX5S4PL7m0ZrNOdPJvc 6mL65phinTXLtZV2W+WDeElDuxVPWHTqXtef70vVsbhWwUrTWahu7quLLSmyGaWV JrP43FV2tGHE609JfAHU99DWebkG1BUdsunggl+Y0bEEDHooV6S4W2jqqvN9Ptvz ZeTn9tuMby++KM1Poav74d3I5XHinVRb2IHkAg4YhzZWojHk+GRvU6BWdyXqdv07 fcW1FMb2RXwacYDHJirH7gvujwedDZF4hGItarD/ttOMNtLQpSObv211+PugooTk lbuDX2qZWfE24oYkZt4nVtN3muHYY0sGbPImPVS4iX5lWK1ioTGQT+7g2XW+ZxxP 3MyCWqr60wagWyaYun8OaRUryJIpZ+1imgMIumgo0CyojoIByiuHisCvNiDA8ZOw uoiRD8AJeE9XXZ3g8wPpXAx76kBcmEaYy77PzJjZH+uIPSXfVM0= =xB2j -----END PGP SIGNATURE-----
