Hi Milan,
On Thu, May 02, 2024 at 12:54:10PM -0400, Milan Kupcevic wrote:
> Hi Salvatore,
>
> On 5/2/24 10:45, Salvatore Bonaccorso wrote:
> [...]
> >
> > I did ponder about it and trying to add this fix as well for the
> > upcoming less DSA, but it won't go apply for the older releases and
> >
Hi Salvatore,
On 5/2/24 10:45, Salvatore Bonaccorso wrote:
[...]
I did ponder about it and trying to add this fix as well for the
upcoming less DSA, but it won't go apply for the older releases and
the issue is compared minor enough.
I think I will go ahead with the two CVE fixes only.
Take
Hi Milan,
On Tue, Apr 23, 2024 at 09:08:55AM +0200, Salvatore Bonaccorso wrote:
> Hi,
>
> On Mon, Apr 22, 2024 at 12:25:45PM -0400, Milan Kupcevic wrote:
> > forwarded 1069681 https://github.com/gwsw/less/issues/503
> > thanks
>
> Thanks. For now I will hold-back the prepared security update to
Hi,
On Mon, Apr 22, 2024 at 12:25:45PM -0400, Milan Kupcevic wrote:
> forwarded 1069681 https://github.com/gwsw/less/issues/503
> thanks
Thanks. For now I will hold-back the prepared security update to see
if there is something else which needs to be done here.
Regards,
Salvatore
Package: less
Version: 590-2.1
Severity: important
Tags: security
X-Debbugs-Cc: Debian Security Team
"less" does not escape special characters when outputting the
filename, either in the status line or in an error message.
With untrusted filenames (like in CVE-2024-32487), weird things
can
5 matches
Mail list logo
