[Slackbuilds-users] Please patch yelp and yelp-xsl to overcome a security flaw
Didier Spaier
didier at slint.fr
Mon Apr 21 17:22:23 UTC 2025
Hello,
as recommended by Michael Catanzaro:
https://blogs.gnome.org/mcatanzaro/2025/04/15/dangerous-arbitrary-file-read-vulnerability-in-yelp-cve-2025-3155/
I have patched locally yelp and yelp-xsl using these patches (also attached):
https://gitlab.gnome.org/GNOME/yelp/-/issues/221#note_2359937
against yelp-42.2 and yel-xsl-42.1 respectively
I suggest that they be applied to the SlackBuilds @ SBo.
Cheers,
Didier
PS while I was at it I wanted to upgrade webkit2gtk to the last version as
recommended by upstream for security reasons but could not because icu4c shipped
in Slackware 15.0 is too old. I have posted about that on LQ:
https://www.linuxquestions.org/questions/slackware-14/how-do-i-package-a-newer-icu4c-to-allow-upgrading-webkit2gtk-without-rebuilding-other-dependees-4175749884/
Suggestions are gladly welcome.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: yelp.patch
Type: text/x-patch
Size: 4347 bytes
Desc: not available
URL: <http://lists.slackbuilds.org/pipermail/slackbuilds-users/attachments/20250421/c158081d/attachment.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: yelp-xsl.patch
Type: text/x-patch
Size: 3319 bytes
Desc: not available
URL: <http://lists.slackbuilds.org/pipermail/slackbuilds-users/attachments/20250421/c158081d/attachment-0001.bin>
More information about the SlackBuilds-users
mailing list