Source: yelp Version: 49.0-1 Severity: serious Tags: security upstream bookworm trixie X-Debbugs-CC: [email protected]
Sandbox escape hardening was done in yelp's recent 49.1 release that was discussed more today at https://blogs.gnome.org/mcatanzaro/2026/05/11/flatpak-sandbox-escape-via-yelp/ A CVE has been requested, but we don't need to wait for it to be assigned to fix this issue. The issue is fixed with these 2 upstream commits: https://gitlab.gnome.org/GNOME/yelp/-/commit/d220aa2f754eed4e6a006a4acaa68b31892dea2b https://gitlab.gnome.org/GNOME/yelp/-/commit/c8c8244c8a812860782d635890c9b6c43ecc2639 This issue has already been fixed in unstable. Thank you, Jeremy Bícha
