A vulnerability was discovered in yelp, the GNOME help browser, that allows a crafted help document to read files accessible to the user and exfiltrate them to a remote server through resources loaded by the embedded web view. When yelp is launched from a sandboxed application (for example via the Flatpak OpenURI portal), this also enables a sandbox escape.
https://security-tracker.debian.org/tracker/DSA-6319-1
Continue reading...
https://security-tracker.debian.org/tracker/DSA-6319-1
Continue reading...
