Your message dated Sun, 05 May 2024 19:18:09 +0000
with message-id <e1s3hnb-004c8n...@fasolo.debian.org>
and subject line Bug#1064293: fixed in less 551-2+deb11u1
has caused the Debian Bug report #1064293,
regarding less: CVE-2022-48624
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
1064293: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1064293
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: less
Version: 590-2
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>
Hi,
The following vulnerability was published for less.
CVE-2022-48624[0]:
| close_altfile in filename.c in less before 606 omits shell_quote
| calls for LESSCLOSE.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2022-48624
https://www.cve.org/CVERecord?id=CVE-2022-48624
[1] https://github.com/gwsw/less/commit/c6ac6de49698be84d264a0c4c0c40bb870b10144
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: less
Source-Version: 551-2+deb11u1
Done: Salvatore Bonaccorso <car...@debian.org>
We believe that the bug you reported is fixed in the latest version of
less, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 1064...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Salvatore Bonaccorso <car...@debian.org> (supplier of updated less package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Fri, 19 Apr 2024 21:37:35 +0200
Source: less
Architecture: source
Version: 551-2+deb11u1
Distribution: bullseye-security
Urgency: high
Maintainer: Milan Kupcevic <mi...@debian.org>
Changed-By: Salvatore Bonaccorso <car...@debian.org>
Closes: 1064293 1068938
Changes:
less (551-2+deb11u1) bullseye-security; urgency=high
.
* Non-maintainer upload by the Security Team.
* Shell-quote filenames when invoking LESSCLOSE (CVE-2022-48624)
(Closes: #1064293)
* Fix bug when viewing a file whose name contains a newline (CVE-2024-32487)
(Closes: #1068938)
Checksums-Sha1:
04e598880c888e5706eb9dea18268fbaaabc6ca5 1968 less_551-2+deb11u1.dsc
7a2dbccd46697ba17189b1e19f75eee5115c19a2 347007 less_551.orig.tar.gz
6ed143fe69989f24a9585805fe744f083695f989 19904 less_551-2+deb11u1.debian.tar.xz
Checksums-Sha256:
6a718a7318c6cecab36041ad1c4530ae69f587b0a81a9fe32cc2c3f2d7e15508 1968
less_551-2+deb11u1.dsc
ff165275859381a63f19135a8f1f6c5a194d53ec3187f94121ecd8ef0795fe3d 347007
less_551.orig.tar.gz
3566c26aae5116cffa32367684f4ab3dd12d1ed0a61d8b6cc6cf3f5f8812eae9 19904
less_551-2+deb11u1.debian.tar.xz
Files:
79a23b31100af8999f52630778a72878 1968 text important less_551-2+deb11u1.dsc
4ad4408b06d7a6626a055cb453f36819 347007 text important less_551.orig.tar.gz
ca4fb7b6ad73983f7318c1fd11d77c2f 19904 text important
less_551-2+deb11u1.debian.tar.xz
-----BEGIN PGP SIGNATURE-----
iQKmBAEBCgCQFiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmYiyTBfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQSHGNhcm5pbEBk
ZWJpYW4ub3JnAAoJEAVMuPMTQ89Ew1kP/jkiPYkaOXyrkKr5vNAIdCQ48vVEduZO
wL3bBOOQm0bqB4fpdC1NG4VsWlY15rFzuwBG56ZDzQPmV6BQb5lbwjMApxR3LJ10
zixjczhyoaJxqmXKBFcQw+/fJLTSdFSghvCRFFMuBU5pSJu56uHjlgpN0txSJ+1U
ikD09oFhqAdrGxkLWW/nb2o3qRKbf8/KMOH9nKmLKPzp4GNAy0t3u3MIUA+uTxhT
XouJxctxBugt0hju8ZTUjkoE0GaXdvXJvI/lLbuO15QnsuvXkrTEcEZYg/dzk5gp
C9dr44d9GjdHAxy6QJpY+7UhEO8y1kgLy7IzH/9nJ01j6x0PDqO0GESocyCX/pER
ITKrkpFSxhI/U/pbsYGDfvZgj4fBhWjxCPVfbzF7za9PGwFl3EWuMhztiwltJhki
JYpgiTJRUN4qf9r5EcmWtUxJaHNebjmFv53ADtev0QZiyNYxEH5A+cBEsOuTRcKc
onS1dLQ430m4G7vLARi95BVYKAbGBDrjWiEMSuoFdqZCTtXtXbR1IdqDUcA3mGlm
3nW+H2Nel5cKUPRquZIAxO9TBpzHVmCrpjbTMzYF8j/3UxSyf5pmqatlKDMOkZTb
XEWWUbg3z3PR6ENX8TK7PSudhS1eFwl1BCWX3XPVtdXPtA7JYT2KlDQxw4rkqB2E
az50ivdbFVgm
=d1zP
-----END PGP SIGNATURE-----
pgpL1pNXonQLr.pgp
Description: PGP signature
--- End Message ---
