-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Fri, 23 May 2025 20:09:22 -0300 Source: yelp Architecture: source Version: 42.2-1+deb12u1 Distribution: bookworm-security Urgency: medium Maintainer: Debian GNOME Maintainers <pkg-gnome-maintainers@lists.alioth.debian.org> Changed-By: Lucas Kanashiro <kanashiro@debian.org> Changes: yelp (42.2-1+deb12u1) bookworm-security; urgency=medium . * Non-maintainer upload by the Security Team. * Fix CVE-2025-3155. The Gnome user help application allows the help document to execute arbitrary scripts. This vulnerability allows malicious users to input help documents, which may exfiltrate user files to an external environment. - d/p/CVE-2025-3155.patch Checksums-Sha1: 37a5669dbecc5834e00297175abfb74f38c92794 2543 yelp_42.2-1+deb12u1.dsc de1d6d374bfd34b2519f1722f0887831ce176b1a 1480504 yelp_42.2.orig.tar.xz 506c8907b1dd70ba5f266cbf9825a8556f11d80c 18636 yelp_42.2-1+deb12u1.debian.tar.xz 8973189760224f5c8605906f6c266e852b65b81e 5595 yelp_42.2-1+deb12u1_source.buildinfo Checksums-Sha256: e60b74ae688a626af7fc7e65a9969e5cacb917a82939b1119d32cba55a75a23e 2543 yelp_42.2-1+deb12u1.dsc b29e9512766bcd684bdc650457e4ecc99b236935c2c16d2acd4f7dd2cfc87a2e 1480504 yelp_42.2.orig.tar.xz 26dc2a10e12156aacf0b0faca5dd65f8eece492a59455b1828433cc65d0c083a 18636 yelp_42.2-1+deb12u1.debian.tar.xz c96e293cb543fd65305293d46ce912589b29c3cc0151c46f348d28b70a0ab50d 5595 yelp_42.2-1+deb12u1_source.buildinfo Files: ceab0177bce7e581500347bb31250acf 2543 gnome optional yelp_42.2-1+deb12u1.dsc 520c1e430279df7a7100164a80791280 1480504 gnome optional yelp_42.2.orig.tar.xz 7781f5560847191c4d62a425badf13ef 18636 gnome optional yelp_42.2-1+deb12u1.debian.tar.xz a0dec690e2317c39b4f1584e7008628a 5595 gnome optional yelp_42.2-1+deb12u1_source.buildinfo -----BEGIN PGP SIGNATURE----- iQJJBAEBCgAzFiEEjtbD+LrJ23/BMKhw+COicpiDyXwFAmg0uBcVHGthbmFzaGly b0BkZWJpYW4ub3JnAAoJEPgjonKYg8l8LrAP/2OlZh9NQ6NQgB6eXiaFpKwIxblC hcRk+h1DmS9QLsEEshsodhcBxRdTHN/L3emF1igZ76TcgBPCVEz/EqlWyufjQ0Sz XYL0e/jZCWK4B0chqfuJNk3uP+5d/v5ls8GXfNGuvBVNOPnlmvyjsExnxy2ENM6a eqQutTL9dtbMVgmn9GT9PkrV0eMW4lB72l6foyQglaChFWgciriAPdm1SFgR/Hwj g4hQpED1jZvHb3dI3R77P7xCO95jL/yiVlHGp/gSV9Hfx1G7s2jlzNmBr37fRk58 NsebJcdKk/Le/Ch1ANn8rTiZkJTE6hs46W03FHo/+Mzd1XodaCJPR9bjmLKdVh8R WFqaylD/qsOkEj2IX+koskXBHnqYL20+mAhuT0a2m8yPRMGLNbvk4EYQonTsa4Iq q4uGddcH13TiF7daMwy673zbsAGwAEL6TgrgkyFy/KJ4LsF+TVHALjU0qPRfUv+q eQppiG0Wt3c/hHmjIZ0FCwfg0RydYCOWdFvLqM0MEFhXMuKoHwvc0JyykwRZRm2l RsteokNRSse5d2LJwKyQz2oDc5JvCAF+QNQT4lQz+Vud5NX4dg6NppvI8WEbUFAK 7GGzJFx9l8usVoOj9Kt1l0yAdxZ6sjzn+Ltes+6ePtQ4Nas6rtHDD4/6gquI5GHe LMwqw89ouCD2tOtz =QpIb -----END PGP SIGNATURE-----
