| Name | TEMP-1136299-DD6181 |
| Description | yelp: Sandbox escape |
| Source | Automatically generated temporary name. Not for external reference. |
| Debian Bugs | 1136299 |
Vulnerable and fixed packages
The table below lists information on source packages.
| Source Package | Release | Version | Status |
|---|
| yelp (PTS) | bullseye | 3.38.3-1 | vulnerable |
| bullseye (security) | 3.38.3-1+deb11u1 | vulnerable |
| bookworm, bookworm (security) | 42.2-1+deb12u1 | vulnerable |
| trixie | 42.2-4 | vulnerable |
| forky, sid | 49.1-1 | fixed |
The information below is based on the following data on fixed versions.
| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|
| yelp | source | (unstable) | 49.1-1 | | | 1136299 |
Notes
https://blogs.gnome.org/mcatanzaro/2026/05/11/flatpak-sandbox-escape-via-yelp/
https://gitlab.gnome.org/GNOME/yelp/-/work_items/238
Fixed by: https://gitlab.gnome.org/GNOME/yelp/-/commit/d220aa2f754eed4e6a006a4acaa68b31892dea2b (49.1)
Fixed by: https://gitlab.gnome.org/GNOME/yelp/-/commit/c8c8244c8a812860782d635890c9b6c43ecc2639 (49.1)