Package: release.debian.org Control: affects -1 + src:yelp-xsl X-Debbugs-Cc: yelp-...@packages.debian.org User: release.debian....@packages.debian.org Usertags: unblock
Please allow yelp-xsl 42.1-3 to migrate faster than 10 days. [ Reason ] This is the yelp-xsl part of the security fix for https://security-tracker.debian.org/tracker/CVE-2025-3839 [ Impact ] The security vulnerability is both more severe and more widely discussed than other recent GNOME CVEs. https://blogs.gnome.org/mcatanzaro/2025/04/15/dangerous-arbitrary-file-read-vulnerability-in-yelp-cve-2025-3155/ [ Tests ] I simply copied the security fix that Ubuntu released today https://ubuntu.com/security/notices/USN-7447-1 I also did a manual test to ensure that opening GNOME help pages still works as expected. [ Risks ] Key package but we're using the same security fix Ubuntu pushed. [ Checklist ] [✅] all changes are documented in the d/changelog [✅] I reviewed all changes and I approve them [N/A] attach debdiff against the package in testing Thank you, Jeremy Bícha
