Source: yelp Version: 42.2-1 Severity: important Tags: security upstream Forwarded: https://gitlab.gnome.org/GNOME/yelp/-/issues/221 X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Hi, The following vulnerability was published for yelp. CVE-2025-3155[0]: | A flaw was found in Yelp. The Gnome user help application allows the | help document to execute arbitrary scripts. This vulnerability | allows malicious users to input help documents, which may exfiltrate | user files to an external environment. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2025-3155 https://www.cve.org/CVERecord?id=CVE-2025-3155 [1] https://gitlab.gnome.org/GNOME/yelp/-/issues/221 Regards, Salvatore
