Your message dated Sun, 21 Apr 2024 15:49:35 +0000
with message-id <e1ryzrf-0002lj...@fasolo.debian.org>
and subject line Bug#1064293: fixed in less 590-2.1
has caused the Debian Bug report #1064293,
regarding less: CVE-2022-48624
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
1064293: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1064293
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: less
Version: 590-2
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>
Hi,
The following vulnerability was published for less.
CVE-2022-48624[0]:
| close_altfile in filename.c in less before 606 omits shell_quote
| calls for LESSCLOSE.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2022-48624
https://www.cve.org/CVERecord?id=CVE-2022-48624
[1] https://github.com/gwsw/less/commit/c6ac6de49698be84d264a0c4c0c40bb870b10144
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: less
Source-Version: 590-2.1
Done: Salvatore Bonaccorso <car...@debian.org>
We believe that the bug you reported is fixed in the latest version of
less, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 1064...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Salvatore Bonaccorso <car...@debian.org> (supplier of updated less package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Fri, 19 Apr 2024 15:09:49 +0200
Source: less
Architecture: source
Version: 590-2.1
Distribution: unstable
Urgency: medium
Maintainer: Milan Kupcevic <mi...@debian.org>
Changed-By: Salvatore Bonaccorso <car...@debian.org>
Closes: 1064293 1068938
Changes:
less (590-2.1) unstable; urgency=medium
.
* Non-maintainer upload.
* Shell-quote filenames when invoking LESSCLOSE (CVE-2022-48624)
(Closes: #1064293)
* Fix bug when viewing a file whose name contains a newline (CVE-2024-32487)
(Closes: #1068938)
Checksums-Sha1:
adea696b73ad5c355d91a6aa8a2e5042f8f91af6 1967 less_590-2.1.dsc
1ebafcce1da00f6a25fd35fe0c6c71a244727748 23072 less_590-2.1.debian.tar.xz
Checksums-Sha256:
6f44ded535db6b44364f2b4e8c14ec2ee45bb42aa06e97fd5db721931b63826f 1967
less_590-2.1.dsc
b742b498e1f5611ba9e67d0722e13c9fec1b963fe4425fa3864301aa3db09ac4 23072
less_590-2.1.debian.tar.xz
Files:
e942c2c432580ab1b7a130e0985d8d43 1967 text important less_590-2.1.dsc
f8c14ba0fb8f626ed23d0328991749e8 23072 text important
less_590-2.1.debian.tar.xz
-----BEGIN PGP SIGNATURE-----
iQKmBAEBCgCQFiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmYieEFfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQSHGNhcm5pbEBk
ZWJpYW4ub3JnAAoJEAVMuPMTQ89E0s4P/1YpmB3EFprl6ap/4u7flSxmNs6p4/oG
hr06cRgZqPYz08iq8Ek7HGn3ZWqzJpFyqgzycQJo8w3yli5IRdcG4HFHXvHz32fH
b7sND8XZ9JBI76z+NvzBgPBNu/RPCHGLeWAqHfgFovK8op3s6PlmQzC5sgQFt3Dh
6Rt+psNbsBNlTdZWDBd9AF8D0FXTGMZc1OB8Kfwobx3y7C0sXVpqgTST5pgmfQYj
HmVljQ1TBoRs5lQR5tGJY6Tje6swvf2HtGpVTTK/QHi5hofm3v47BTb36txnbUbY
NDYpQwShArieaSGT5f8rg97dvF2Z4eW4Xdz9jG7X0P+fbqmwNx2ozHhacrmwAGlU
j8Bi6UWauhTNFy9UbRWGiF4AF3XQUWWx/afd5jHUYN7y2jROkOCKZ4kLnOZDaln1
N6Fbx4C05hvYFP3GbtPTlwkPUE68yLh7IAmwm6KrMx/IHppcRq+r1kyWa+Qm4zXF
3lil/BFSQYjXfVVLvaKT8C0P7PoVkxQfIkE2wJ8gDtK7rJ4Z20I1CYxirAv5Gl6J
Po6SA0eeTODv4BHoNHjwXN/8qTjF5u/M28RwoO+sYCnjYukSeI5tbd+r7FssEaI1
k9eiZ4zjwIf4vmlYOyrWNOPU7+6a5vLXoZbxtJxzRsQpZ+/IIomq7u0Xddr54NEM
190L5/TLVvaY
=SqSG
-----END PGP SIGNATURE-----
pgpESqHgFEIGh.pgp
Description: PGP signature
--- End Message ---
