Michael Gilbert
2008-Aug-27 23:23 UTC
[Secure-testing-team] Bug#496851: yelp: does not correctly handle format strings for certain error messages
Package: yelp
Version: 2.22.1-6
Severity: grave
Tags: security
Justification: user security hole

yelp is vulnerable to attacks via badly formatted strings for certain error messages. ubuntu recently released a fix for this problem [1]. the issue is described as:

  Aaron Grattafiori discovered that the Gnome Help Viewer did not handle format strings correctly when displaying certain error messages. If a user were tricked into opening a specially crafted URI, a remote attacker could execute arbitrary code with user privileges.

this may or may not be related to CVE-2008-3533 [2].

this should be considered a high-urgency vulnerability since it allows remote attackers to execute arbitrary code.

thank you for the hard work.

[1] http://www.ubuntu.com/usn/usn-638-1
[2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3533

-- System Information:
Debian Release: lenny/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'stable'), (1, 'experimental')
Architecture: i386 (i686)

Kernel: Linux 2.6.24-etchnhalf.1-686 (SMP w/1 CPU core)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages yelp depends on:
ii  docbook-xml             4.5-5              standard XML documentation system,
ii  gconf2                  2.22.0-1           GNOME configuration database syste
ii  gnome-doc-utils         0.12.2-1           a collection of documentation util
ii  libbz2-1.0              1.0.5-1            high-quality block-sorting file co
ii  libc6                   2.7-13             GNU C Library: Shared libraries
ii  libdbus-glib-1-2        0.76-1             simple interprocess messaging syst
ii  libgcc1                 1:4.3.1-9          GCC support library
ii  libgconf2-4             2.22.0-1           GNOME configuration database syste
ii  libglade2-0             1:2.6.2-1          library to load .glade files at ru
ii  libglib2.0-0            2.16.5-1           The GLib library of C routines
ii  libgnome2-0             2.20.1.1-1         The GNOME 2 library - runtime file
ii  libgnomeui-0            2.20.1.1-1         The GNOME 2 libraries (User Interf
ii  libgnomevfs2-0          1:2.22.0-4         GNOME Virtual File System (runtime
ii  libgtk2.0-0             2.12.11-3          The GTK+ graphical user interface
ii  libpango1.0-0           1.20.5-1           Layout and rendering of internatio
ii  librarian0              0.8.0-2            Rarian is a documentation meta-dat
ii  libstartup-notificatio  0.9-1              library for program launch feedbac
ii  libstdc++6              4.3.1-9            The GNU Standard C++ Library v3
ii  libx11-6                2:1.1.4-2          X11 client-side library
ii  libxml2                 2.6.32.dfsg-3      GNOME XML library
ii  libxslt1.1              1.1.24-2           XSLT processing library - runtime
ii  man-db                  2.5.2-2            on-line manual pager
ii  xml-core                0.11               XML infrastructure and XML catalog
ii  xulrunner-1.9           1.9.0.1-1          XUL + XPCOM application runner
ii  zlib1g                  1:1.2.3.3.dfsg-12  compression library - runtime

Versions of packages yelp recommends:
ii  doc-base                0.8.16             utilities to manage online documen
ii  ttf-dejavu              2.25-3             Metapackage to pull in ttf-dejavu-

yelp suggests no packages.

-- no debconf information
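
The bug class named in the report, shown as an added example that is not part of the original message and is not yelp's code: an error message containing a URI is passed as the format argument of a printf-style call, next to the corrected call. The function names, the message text and the sample URI are all hypothetical.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical printf-style error sink standing in for a dialog API;
 * it renders into `out` so the result can be inspected. */
static void error_dialog(char *out, size_t n, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    vsnprintf(out, n, fmt, ap);
    va_end(ap);
}

/* Build the message text; `uri` comes from outside the program. */
static void build_msg(char *msg, size_t n, const char *uri)
{
    snprintf(msg, n, "Could not load '%s'", uri);
}

/* Vulnerable pattern: the finished message, which embeds the URI,
 * becomes the format string, so '%' sequences in the URI are parsed. */
void report_unsafe(char *out, size_t n, const char *uri)
{
    char msg[256];
    build_msg(msg, sizeof msg, uri);
    error_dialog(out, n, msg);
}

/* Corrected pattern: constant format, message passed as data. */
void report_safe(char *out, size_t n, const char *uri)
{
    char msg[256];
    build_msg(msg, sizeof msg, uri);
    error_dialog(out, n, "%s", msg);
}

/* Returns 1 when the two paths render differently, i.e. the URI text
 * was interpreted as a format. The sample below uses only "%%", which
 * consumes no argument; other conversions would be undefined behaviour. */
int uri_was_interpreted(const char *uri)
{
    char a[256], b[256];
    report_unsafe(a, sizeof a, uri);
    report_safe(b, sizeof b, uri);
    return strcmp(a, b) != 0;
}

int main(void)
{
    printf("%d\n", uri_was_interpreted("ghelp:intro%%")); /* constructed URI */
    return 0;
}
```

Declaring such a sink with GCC's `format(printf, ...)` attribute and building with `-Wformat -Wformat-security` makes the compiler warn about the call in `report_unsafe`.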