Your message dated Sun, 05 May 2024 19:18:13 +0000
with message-id <e1s3hnf-004cao...@fasolo.debian.org>
and subject line Bug#1064293: fixed in less 551-2+deb11u2
has caused the Debian Bug report #1064293,
regarding less: CVE-2022-48624
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
1064293: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1064293
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: less
Version: 590-2
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>
Hi,
The following vulnerability was published for less.
CVE-2022-48624[0]:
| close_altfile in filename.c in less before 606 omits shell_quote
| calls for LESSCLOSE.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2022-48624
https://www.cve.org/CVERecord?id=CVE-2022-48624
[1] https://github.com/gwsw/less/commit/c6ac6de49698be84d264a0c4c0c40bb870b10144
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: less
Source-Version: 551-2+deb11u2
Done: Salvatore Bonaccorso <car...@debian.org>
We believe that the bug you reported is fixed in the latest version of
less, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 1064...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Salvatore Bonaccorso <car...@debian.org> (supplier of updated less package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Thu, 02 May 2024 20:29:26 +0200
Source: less
Architecture: source
Version: 551-2+deb11u2
Distribution: bullseye-security
Urgency: high
Maintainer: Milan Kupcevic <mi...@debian.org>
Changed-By: Salvatore Bonaccorso <car...@debian.org>
Closes: 1064293 1068938 1069681
Changes:
less (551-2+deb11u2) bullseye-security; urgency=high
.
* Non-maintainer upload by the Security Team.
.
[ Milan Kupcevic ]
* Fix incorrect display when filename contains control chars
(Closes: #1069681)
.
less (551-2+deb11u1) bullseye-security; urgency=high
.
* Non-maintainer upload by the Security Team.
* Shell-quote filenames when invoking LESSCLOSE (CVE-2022-48624)
(Closes: #1064293)
* Fix bug when viewing a file whose name contains a newline (CVE-2024-32487)
(Closes: #1068938)
Checksums-Sha1:
284666aff7d0a3e0719eb2675eb7fc8db39a5520 1968 less_551-2+deb11u2.dsc
70af3c8dfa2c3611b16691acaaead33d6ca5e885 20696 less_551-2+deb11u2.debian.tar.xz
Checksums-Sha256:
19f72b42c4f99c402d30c52bb0fc10b0084ff69f50e7482fb64091a75065fdd1 1968
less_551-2+deb11u2.dsc
d1679210766e0cd7280411d1d55138633076fb47af5fadb58e1341fedef834ec 20696
less_551-2+deb11u2.debian.tar.xz
Files:
57c11d84044eb3e10a896a02e94129f5 1968 text important less_551-2+deb11u2.dsc
20d9522502289f5ed6706604ec0e020f 20696 text important
less_551-2+deb11u2.debian.tar.xz
-----BEGIN PGP SIGNATURE-----
iQKmBAEBCgCQFiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmYz285fFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQSHGNhcm5pbEBk
ZWJpYW4ub3JnAAoJEAVMuPMTQ89Ez1QP/je0Iu60GbbZypElGvy3S618tU94Ishy
vkawxYkAKCUEdZ4ACPbKZyJ5DLJJk0Rs+Bmi2SUqUAWRLo9fsBnxLDTFU3xFfaW2
UJOtT0CJdJb6VNIDJLjGg7Gh4d0oKL1eff/+DJziJQVfH4X6hDzJm4mcYqvDiXU4
PJFZs0GQL77gYu3GasXOI0qcHpZ2lZIBeuAJapQTkwPvBQ5v9k5xGgWXxgUgjAs6
kD947R42wYPUdJe2tZDwR3xyRaVCtY42hIIS3jV7+pkyOiLxpSAYXO+Yi17Drpq9
gt3nzjRl8exA7vXbeQFw5j4IPf/FI5/KZ8VRX3TDhVaUbSf8SyAGrFCbDTHcDPd1
KABTJcMIIXOY0uwHx03QEvBPwMaqs7QwytDYL/4iQcTndigoZzv7bL5zIUJs6BsL
VM+WayVfRqIdX3rkUaOI9hhFziOH73mIn9qeV6PTwjSGBe3SnT5+T6e4PR5A25Zi
yzfpvvm5JWP2/cATYgQP7BfkZLrMFR0AXITnc1AOZWeufA1DyNnRRijfDhDBSu1V
/juuaAo9aWZl+tZtMqNbYTPQ3ZXaVy4riRqnm3reX+Eyn26wGjUgEunElBM64ctk
kDmLyUviiBcP5wfWbBmwUTehIwbAlQCgqVim0skUfYYbz5VSDwCWXLdU1R35P9Dg
Zzzr6rpPA2RZ
=QMuU
-----END PGP SIGNATURE-----
pgppdAT1GCl4v.pgp
Description: PGP signature
--- End Message ---
