Your message dated Tue, 15 Nov 2022 15:34:55 +0000
with message-id <[email protected]>
and subject line Bug#1021951: fixed in man-db 2.11.1-1
has caused the Debian Bug report #1021951,
regarding man-db: less(1) option injection
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1021951: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1021951
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: man-db
Version: 2.11.0-1+b1
Tags: security
"$" is a special character in $LESS, but man-db doesn't take care of
neutralizing it. This could be exploited for arbitrary code execution if
the user were tricked to run "man -l" on files with names crafted by the
attacker.
Proof of concept:
$ cp /dev/null $'$+!cowsay pwned\n$+q-P.1'
$ man -l ./*.1
!cowsay pwned
_______
< pwned >
-------
\ ^__^
\ (oo)\_______
(__)\ )\/\
||----w |
|| ||
!done (press RETURN)
-- System Information:
Architecture: i386
Versions of packages man-db depends on:
ii bsdextrautils 2.38.1-1.1+b1
ii bsdmainutils 12.1.7+nmu3
ii groff-base 1.22.4-8
ii debconf 1.5.79
ii libc6 2.35-3
ii libgdbm6 1.23-3
ii libpipeline1 1.5.6-3
ii libseccomp2 2.5.4-1+b1
ii zlib1g 1:1.2.11.dfsg-4.1
Versions of packages man-db suggests:
ii apparmor 3.0.7-1+b1
ii groff 1.22.4-8
ii less 590-1
--
Jakub Wilk
--- End Message ---
--- Begin Message ---
Source: man-db
Source-Version: 2.11.1-1
Done: Colin Watson <[email protected]>
We believe that the bug you reported is fixed in the latest version of
man-db, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Colin Watson <[email protected]> (supplier of updated man-db package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Tue, 15 Nov 2022 15:14:06 +0000
Source: man-db
Architecture: source
Version: 2.11.1-1
Distribution: unstable
Urgency: medium
Maintainer: Colin Watson <[email protected]>
Changed-By: Colin Watson <[email protected]>
Closes: 762335 780235 1021951
Changes:
man-db (2.11.1-1) unstable; urgency=medium
.
* debian/upstream/metadata: Update upstream Git URL.
* debian/control: Update Homepage URL.
* debian/copyright: Update Source URL.
* New upstream release:
- SECURITY: Replace "$" characters in page names with "?" when
constructing "less" prompts (closes: #1021951).
- Silence error message when processing an empty manual page hierarchy
with a nonexistent cache directory (closes: #762335).
- man(1) now sorts whatis references below real pages, even if the
whatis references are from a section with higher priority (closes:
#780235).
- Add section "3type" to the default section list just after "2". This
is used by the Linux man-pages package.
Checksums-Sha1:
a0c302fa22bab920a83bf9f8c510fd9051108b01 2424 man-db_2.11.1-1.dsc
b317c8557e5755969e5406fc84d9414cc6cb3978 1948788 man-db_2.11.1.orig.tar.xz
a4c97d115971632649c1b226a068f8f35e24b342 833 man-db_2.11.1.orig.tar.xz.asc
e72129fd9fa01231d7d8f0348c294f3357c3b71d 73584 man-db_2.11.1-1.debian.tar.xz
Checksums-Sha256:
4ee1e5fd9fa44e767df7e8f5331878034ff8fc8ce18b5c39f889e0d8fefc63b0 2424
man-db_2.11.1-1.dsc
2eabaa5251349847de9c9e43c634d986cbcc6f87642d1d9cb8608ec18487b6cc 1948788
man-db_2.11.1.orig.tar.xz
52d06ba9bdaca2962750564316c487f1add8356e7028e088a28e645bf9efa9ef 833
man-db_2.11.1.orig.tar.xz.asc
0a66fd1a8bca9f15aaa69b2460c3ab9756b233a0b179f7e8c28f58ecb58b88b6 73584
man-db_2.11.1-1.debian.tar.xz
Files:
be8608ef458d9eb4aac1358afd44418b 2424 doc important man-db_2.11.1-1.dsc
88caf8efe127453f9dcb2ff9b2983f59 1948788 doc important
man-db_2.11.1.orig.tar.xz
553b0cbc406449576072e6b0e10cd1c4 833 doc important
man-db_2.11.1.orig.tar.xz.asc
6a23639019e7eb3531ca4c729636d08d 73584 doc important
man-db_2.11.1-1.debian.tar.xz
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEErApP8SYRtvzPAcEROTWH2X2GUAsFAmNzrQEACgkQOTWH2X2G
UAt9ThAAnbJUMHUktCoSOxz0esmcV23A1gA+xREpQp+Do1hYxQg2GkDuhAv7DxHL
36yX/8HC5u6K6hSndTVKgA2fsBhy/fZoRzpCWIKYYsLbhnRGicx/rKTOEAENEa0w
n964tZ6dvM6oOXOVap/Cpw+yLSvreFK0teJQCpcVkt0kDZY939oAeOY2mCAX7nqw
QQiTeL7uMyymZFw6pp5+zIRwkwMQa+Pt505kuDJEC9eT1GyLYyzRQw1yGxRHLwSn
HnrlZtds3qiFCGXvOAghushl55A+2J2CI+O0tXoUIFUl74RVK4a2jevES6aEh/6S
jw9V09qPRJkdJaoV8se6WEXSgEdkbMtuOEXO3BxM8ZcVYGd2Agv9g4vhnI64mOgj
EuhvJKkQkroggvX9bkKOo+e/12ZzaUuAAH5gP6GdUcDZQzPPjoc3DjozvIp7GORl
WIwRGL9jayQP8Jt4UgiwNFDwxVIGE02jqq6QJfwaALbM78/h0Zf64ABCca9qYiis
6LBZFfhLGntQatMRKVkRxlLOUqx/ah5JXH2F0F7F0Y1WjvkpEUUV1E0cT6Ln7Iyb
FO3ogVQcP6JKgK9RBu2xAABQl5PPUdiRqOMO61ciZMTryTfFJTku7tV+w5AzXo9z
QeUMuOxqYxjJhw4Pp5Egbk2Yw1+vo9ylmjosWEF9csW2uA9/TK4=
=T29I
-----END PGP SIGNATURE-----
--- End Message ---
