-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Thu, 28 May 2026 23:30:00 +0000 Source: yelp Binary: libyelp-dev libyelp0 libyelp0-dbgsym yelp yelp-dbgsym Architecture: i386 Version: 42.2-1+deb12u2 Distribution: bookworm-security Urgency: high Maintainer: amd64 / i386 Build Daemon (x86-csail-01) Changed-By: Aron Malache Description: libyelp-dev - Library for the GNOME help browser (development) libyelp0 - Library for the GNOME help browser yelp - Help browser for GNOME Closes: 1136299 Changes: yelp (42.2-1+deb12u2) bookworm-security; urgency=high . * Non-maintainer upload by the Security Team. * SECURITY UPDATE: sandbox escape via ghelp: URIs and external resources loaded by help pages, allowing a malicious help document to read arbitrary files (e.g. via /proc) and exfiltrate them over the network (Closes: #1136299). Checksums-Sha1: 740168b26429eaaaa2fa18475a454bcdbdf434b6 75264 libyelp-dev_42.2-1+deb12u2_i386.deb cac198944bd606fb88c5cf75fe8036850332fb04 289236 libyelp0-dbgsym_42.2-1+deb12u2_i386.deb 46220c6d6ac670742305926ad95f2cc998b4280e 168320 libyelp0_42.2-1+deb12u2_i386.deb 54f23c70295cea38904c8fd62b7cc3355a13ed61 54876 yelp-dbgsym_42.2-1+deb12u2_i386.deb 98402e1ca62bdb6d4ae380e3fcc4beac7aeba61f 20721 yelp_42.2-1+deb12u2_i386-buildd.buildinfo 644ddb31d16668d1c215fd3bc0d905c639d0ea87 781516 yelp_42.2-1+deb12u2_i386.deb Checksums-Sha256: 68c26048eaacd1f643caa4b37729d5c61be20fe4120e79686a847f8a6a5f872e 75264 libyelp-dev_42.2-1+deb12u2_i386.deb 3e43856832dc09ffa652d62bc73c1d7046e623ae060fc973f1e9b04bfa2c4d93 289236 libyelp0-dbgsym_42.2-1+deb12u2_i386.deb 0ce9e64d1bb328af8b1461d6369f60b46d51d4448d382ee6d062ea5ab3ef9814 168320 libyelp0_42.2-1+deb12u2_i386.deb d1982cd1dd3ec51bf0d42bfdcae0e298b91eb5e54a1c4d8757fdaa65fbf0abca 54876 yelp-dbgsym_42.2-1+deb12u2_i386.deb 86109884fd3edf1d9de17cbff7ab0ae6f3ebb7bf0ec3e8c0d3a5004c87de7263 20721 yelp_42.2-1+deb12u2_i386-buildd.buildinfo 4d5483eefb76685134723ba5d64c8a6929f208d9b9e24db5b4bf6b45ede922e3 781516 yelp_42.2-1+deb12u2_i386.deb Files: 8e634298c089e395eeedccd30e874a0c 75264 libdevel optional libyelp-dev_42.2-1+deb12u2_i386.deb 2b21119a0cd475854d1984204fdac0ef 289236 debug optional libyelp0-dbgsym_42.2-1+deb12u2_i386.deb 0d2ff87ab71cfb97ee31f64d1f33b8dc 168320 libs optional libyelp0_42.2-1+deb12u2_i386.deb 7fef978439d002239173a90567475358 54876 debug optional yelp-dbgsym_42.2-1+deb12u2_i386.deb d61430dcef3375b09fd8a5d6231a9375 20721 gnome optional yelp_42.2-1+deb12u2_i386-buildd.buildinfo db6fa2bd988a327a9956e3368690718e 781516 gnome optional yelp_42.2-1+deb12u2_i386.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEBDWXQb2umOtH4DRpYg9P9sm2dfEFAmodRQwACgkQYg9P9sm2 dfF4AQ//fJ40RlN7J10PTmJnEU5dpIZcY0/sYLkRqqy8gKiQ6V7Njkj1DxBhNGxN zdaNbnN+BtatkySldKpIxlwBhhYXDnITuJLKbmo4mfE5+ULn32F6uJAE7ISCHTXg fdEF4rvDc6uE4Vc5o3u7W7vA/057Xhv+gJlMDx3Zl3DgtfkwNSPIfRWU2uIlit4q Sx747oGd5PhOvyW9dOnne19rsj0DMpgwEPHDRepk7h2z4OWwMTPQdGiF8pN9u2J0 uzae1vBHXUlNOlh+b5QV+N7tgNLafw5mCp6MlHK0jHVk3jKg6mIz52wyJjP5qsOt +DryIzgDAC08N8FJzDJbKhlC/TWLQBn6IhVBJv7Zv75itW0e54v0pcWVSeHOdVIO DvFxGjhnGUcHEF/i50sHuVW4TM+dmZ5EqDnFlXQzqqLWDCNPrY08UOlETnpthr6h kRfZMI8usj3tlvnNXTHBeHhjYMHR4aL54NuIETYgvH/gku+gVlvgSK7vX2Dbxc9c 9bnedqTIQKhH4q7f7b/9wAC//fN7N/WRLn2yk8LEydITWPfQOrjRyDwp4797zZiZ nlwowIveiAIFziN7keV+6cRCeeOot7yZQl3deJrVwjYgHurJ8lJznSCio8fAMj+s ropeY3zuW2buCOrrshTV+9v8qvwYZ4UMAq0qcCmaFKjmdw7ag58= =rzHe -----END PGP SIGNATURE-----