Bug#1103999: unblock: yelp-xsl/42.1-3
Jeremy Bícha
jeremy.bicha at canonical.com
Wed Apr 23 20:08:43 BST 2025
Package: release.debian.org
Control: affects -1 + src:yelp-xsl
X-Debbugs-Cc: yelp-xsl at packages.debian.org
User: release.debian.org at packages.debian.org
Usertags: unblock
Please allow yelp-xsl 42.1-3 to migrate faster than 10 days.
[ Reason ]
This is the yelp-xsl part of the security fix for
https://security-tracker.debian.org/tracker/CVE-2025-3839
[ Impact ]
The security vulnerability is both more severe and more widely
discussed than other recent GNOME CVEs.
https://blogs.gnome.org/mcatanzaro/2025/04/15/dangerous-arbitrary-file-read-vulnerability-in-yelp-cve-2025-3155/
[ Tests ]
I simply copied the security fix that Ubuntu released today
https://ubuntu.com/security/notices/USN-7447-1
I also did a manual test to ensure that opening GNOME help pages still
works as expected.
[ Risks ]
Key package but we're using the same security fix Ubuntu pushed.
[ Checklist ]
[✅] all changes are documented in the d/changelog
[✅] I reviewed all changes and I approve them
[N/A] attach debdiff against the package in testing
Thank you,
Jeremy Bícha
More information about the pkg-gnome-maintainers
mailing list