On Tue, Oct 18, 2022 at 12:35:53PM +0200, Jakub Wilk wrote:
> * Colin Watson , 2022-10-18 00:12:
> > https://gitlab.com/cjwatson/man-db/-/commit/09304c00a4a3dea95da5d1f0aa1ad4c20c292f3b
>
> Unfortunately this isn't quite right.
>
> The fix broke prompts for man pages that had special characters i
* Colin Watson , 2022-10-18 00:12:
https://gitlab.com/cjwatson/man-db/-/commit/09304c00a4a3dea95da5d1f0aa1ad4c20c292f3b
Unfortunately this isn't quite right.
The fix broke prompts for man pages that had special characters in their
titles. For example, for apt.conf.5 the prompt looks like this
Control: tag -1 fixed-upstream
On Mon, Oct 17, 2022 at 10:15:08PM +0200, Jakub Wilk wrote:
> "$" is a special character in $LESS, but man-db doesn't take care of
> neutralizing it. This could be exploited for arbitrary code execution if the
> user were tricked to run "man -l" on files with names c
Package: man-db
Version: 2.11.0-1+b1
Tags: security
"$" is a special character in $LESS, but man-db doesn't take care of
neutralizing it. This could be exploited for arbitrary code execution if
the user were tricked to run "man -l" on files with names crafted by the
attacker.
Proof of concep
4 matches
Mail list logo
