Control: tags 1030825 + patch
Control: tags 1030825 + pending

Dear maintainer,

I've prepared an NMU for less (versioned as 590-1.2) and
uploaded it to DELAYED/2. Please feel free to tell me if I
should delay it longer.

Regards,
Salvatore
diff -Nru less-590/debian/changelog less-590/debian/changelog
--- less-590/debian/changelog	2022-12-21 13:27:37.000000000 +0100
+++ less-590/debian/changelog	2023-02-12 11:17:35.000000000 +0100
@@ -1,3 +1,11 @@
+less (590-1.2) unstable; urgency=medium
+
+  * Non-maintainer upload.
+  * End OSC8 hyperlink on invalid embedded escape sequence (CVE-2022-46663)
+    (Closes: #1030825)
+
+ -- Salvatore Bonaccorso <car...@debian.org>  Sun, 12 Feb 2023 11:17:35 +0100
+
 less (590-1.1) sid; urgency=medium
 
   * Non-maintainer upload
diff -Nru less-590/debian/patches/End-OSC8-hyperlink-on-invalid-embedded-escape-sequen.patch less-590/debian/patches/End-OSC8-hyperlink-on-invalid-embedded-escape-sequen.patch
--- less-590/debian/patches/End-OSC8-hyperlink-on-invalid-embedded-escape-sequen.patch	1970-01-01 01:00:00.000000000 +0100
+++ less-590/debian/patches/End-OSC8-hyperlink-on-invalid-embedded-escape-sequen.patch	2023-02-12 11:17:35.000000000 +0100
@@ -0,0 +1,29 @@
+From: Mark Nudelman <ma...@greenwoodsoftware.com>
+Date: Fri, 7 Oct 2022 19:25:46 -0700
+Subject: End OSC8 hyperlink on invalid embedded escape sequence.
+Origin: https://github.com/gwsw/less/commit/a78e1351113cef564d790a730d657a321624d79c
+Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2022-46663
+Bug-Debian: https://bugs.debian.org/1030825
+
+---
+ line.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/line.c b/line.c
+index 236c49aecfe1..cba7bdd1e614 100644
+--- a/line.c
++++ b/line.c
+@@ -633,8 +633,8 @@ ansi_step(pansi, ch)
+ 		/* Hyperlink ends with \7 or ESC-backslash. */
+ 		if (ch == '\7')
+ 			return ANSI_END;
+-		if (pansi->prev_esc && ch == '\\')
+-			return ANSI_END;
++		if (pansi->prev_esc)
++            return (ch == '\\') ? ANSI_END : ANSI_ERR;
+ 		pansi->prev_esc = (ch == ESC);
+ 		return ANSI_MID;
+ 	}
+-- 
+2.39.1
+
diff -Nru less-590/debian/patches/series less-590/debian/patches/series
--- less-590/debian/patches/series	2022-12-21 13:25:32.000000000 +0100
+++ less-590/debian/patches/series	2023-02-12 11:17:35.000000000 +0100
@@ -1,2 +1,3 @@
 less-is-more-434417.patch
 02-655926-more_can_go_backwards.patch
+End-OSC8-hyperlink-on-invalid-embedded-escape-sequen.patch

Reply via email to