Control: tag -1 fixed-upstream

On Mon, Oct 17, 2022 at 10:15:08PM +0200, Jakub Wilk wrote:
> "$" is a special character in $LESS, but man-db doesn't take care of
> neutralizing it. This could be exploited for arbitrary code execution if the
> user were tricked to run "man -l" on files with names crafted by the
> attacker.

Thanks, fixed upstream:

  https://gitlab.com/cjwatson/man-db/-/commit/09304c00a4a3dea95da5d1f0aa1ad4c20c292f3b

(I think this is a niche enough case that I don't plan to put work into
getting a CVE allocated, backporting fixes, etc. If somebody else thinks
otherwise then they should feel free.)

-- 
Colin Watson (he/him) [cjwat...@debian.org]