Control: tags 1030825 + patch
Control: tags 1030825 + pending

Dear maintainer,

I've prepared an NMU for less (versioned as 590-1.2) and uploaded it to DELAYED/2. Please feel free to tell me if I should delay it longer.

Regards,
Salvatore
diff -Nru less-590/debian/changelog less-590/debian/changelog --- less-590/debian/changelog 2022-12-21 13:27:37.000000000 +0100 +++ less-590/debian/changelog 2023-02-12 11:17:35.000000000 +0100 @@ -1,3 +1,11 @@ +less (590-1.2) unstable; urgency=medium + + * Non-maintainer upload. + * End OSC8 hyperlink on invalid embedded escape sequence (CVE-2022-46663) + (Closes: #1030825) + + -- Salvatore Bonaccorso <car...@debian.org> Sun, 12 Feb 2023 11:17:35 +0100 + less (590-1.1) sid; urgency=medium * Non-maintainer upload diff -Nru less-590/debian/patches/End-OSC8-hyperlink-on-invalid-embedded-escape-sequen.patch less-590/debian/patches/End-OSC8-hyperlink-on-invalid-embedded-escape-sequen.patch --- less-590/debian/patches/End-OSC8-hyperlink-on-invalid-embedded-escape-sequen.patch 1970-01-01 01:00:00.000000000 +0100 +++ less-590/debian/patches/End-OSC8-hyperlink-on-invalid-embedded-escape-sequen.patch 2023-02-12 11:17:35.000000000 +0100 
@@ -0,0 +1,29 @@ +From: Mark Nudelman <ma...@greenwoodsoftware.com> +Date: Fri, 7 Oct 2022 19:25:46 -0700 +Subject: End OSC8 hyperlink on invalid embedded escape sequence. +Origin: https://github.com/gwsw/less/commit/a78e1351113cef564d790a730d657a321624d79c +Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2022-46663 +Bug-Debian: https://bugs.debian.org/1030825 + +--- + line.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/line.c b/line.c +index 236c49aecfe1..cba7bdd1e614 100644 +--- a/line.c ++++ b/line.c +@@ -633,8 +633,8 @@ ansi_step(pansi, ch) + /* Hyperlink ends with \7 or ESC-backslash. */ + if (ch == '\7') + return ANSI_END; +- if (pansi->prev_esc && ch == '\\') +- return ANSI_END; ++ if (pansi->prev_esc) ++ return (ch == '\\') ? ANSI_END : ANSI_ERR; + pansi->prev_esc = (ch == ESC); + return ANSI_MID; + } +-- +2.39.1 + diff -Nru less-590/debian/patches/series less-590/debian/patches/series --- less-590/debian/patches/series 2022-12-21 13:25:32.000000000 +0100 +++ less-590/debian/patches/series 2023-02-12 11:17:35.000000000 +0100 @@ -1,2 +1,3 @@ less-is-more-434417.patch 02-655926-more_can_go_backwards.patch +End-OSC8-hyperlink-on-invalid-embedded-escape-sequen.patch
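
Review bot: In the line.c hunk (ansi_step, around line 633), the retained comment "Hyperlink ends with \7 or ESC-backslash." no longer describes the whole branch. Once pansi->prev_esc is set, every character other than '\\' now returns ANSI_ERR, and that includes a second ESC, so ESC ESC \ is rejected at the second ESC rather than being accepted as a terminator. Suggest extending the comment to say that ESC followed by anything but a backslash is treated as an invalid embedded sequence and ends the hyperlink, so the early return ahead of "pansi->prev_esc = (ch == ESC);" reads as intentional.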