Your message dated Wed, 23 Apr 2025 16:36:55 +0000
with message-id <e1u7d5j-00deig...@fasolo.debian.org>
and subject line Bug#1102080: fixed in yelp-xsl 42.1-4
has caused the Debian Bug report #1102080,
regarding yelp: CVE-2025-3155
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
1102080: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1102080
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: yelp
Version: 42.2-1
Severity: important
Tags: security upstream
Forwarded: https://gitlab.gnome.org/GNOME/yelp/-/issues/221
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>
Hi,
The following vulnerability was published for yelp.
CVE-2025-3155[0]:
| A flaw was found in Yelp. The Gnome user help application allows the
| help document to execute arbitrary scripts. This vulnerability
| allows malicious users to input help documents, which may exfiltrate
| user files to an external environment.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2025-3155
https://www.cve.org/CVERecord?id=CVE-2025-3155
[1] https://gitlab.gnome.org/GNOME/yelp/-/issues/221
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: yelp-xsl
Source-Version: 42.1-4
Done: Jeremy Bícha <jbi...@ubuntu.com>
We believe that the bug you reported is fixed in the latest version of
yelp-xsl, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 1102...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Jeremy Bícha <jbi...@ubuntu.com> (supplier of updated yelp-xsl package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Wed, 23 Apr 2025 12:23:15 -0400
Source: yelp-xsl
Built-For-Profiles: noudeb
Architecture: source
Version: 42.1-4
Distribution: unstable
Urgency: high
Maintainer: Debian GNOME Maintainers <pkg-gnome-maintain...@lists.alioth.debian.org>
Changed-By: Jeremy Bícha <jbi...@ubuntu.com>
Closes: 1102080
Changes:
 yelp-xsl (42.1-4) unstable; urgency=high
 .
   [ Marc Deslauriers ]
   * SECURITY UPDATE: arbitrary script execution
     - debian/patches/CVE-2025-3155.patch: use a nonce in
       xslt/common/html.xsl.
     - CVE-2025-3155 (Closes: #1102080)
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---