Your message dated Mon, 11 May 2026 13:40:09 -0400
with message-id
<CAAajCMahUPY3eeZDGJM=1hzwwkmr5araxypa29vq11ubj-h...@mail.gmail.com>
and subject line Re: Bug#1136299: yelp: security vulnerability fixed in 49.1
has caused the Debian Bug report #1136299,
regarding yelp: security vulnerability fixed in 49.1
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
--
1136299: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1136299
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: yelp
Version: 49.0-1
Severity: serious
Tags: security upstream bookworm trixie
X-Debbugs-CC: [email protected]
Sandbox escape hardening was done in yelp's recent 49.1 release that
was discussed more today at
https://blogs.gnome.org/mcatanzaro/2026/05/11/flatpak-sandbox-escape-via-yelp/
A CVE has been requested, but we don't need to wait for it to be
assigned to fix this issue.
The issue is fixed with these 2 upstream commits:
https://gitlab.gnome.org/GNOME/yelp/-/commit/d220aa2f754eed4e6a006a4acaa68b31892dea2b
https://gitlab.gnome.org/GNOME/yelp/-/commit/c8c8244c8a812860782d635890c9b6c43ecc2639
This issue has already been fixed in unstable.
Thank you,
Jeremy Bícha
--- End Message ---
--- Begin Message ---
Version: 49.1-1
--- End Message ---