Your message dated Sun, 05 May 2024 18:48:05 +0000
with message-id <e1s3gu5-004xop...@fasolo.debian.org>
and subject line Bug#1064293: fixed in less 590-2.1~deb12u1
has caused the Debian Bug report #1064293,
regarding less: CVE-2022-48624
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1064293: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1064293
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: less
Version: 590-2
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>

Hi,

The following vulnerability was published for less.

CVE-2022-48624[0]:
| close_altfile in filename.c in less before 606 omits shell_quote
| calls for LESSCLOSE.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2022-48624
    https://www.cve.org/CVERecord?id=CVE-2022-48624
[1] https://github.com/gwsw/less/commit/c6ac6de49698be84d264a0c4c0c40bb870b10144

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: less
Source-Version: 590-2.1~deb12u1
Done: Salvatore Bonaccorso <car...@debian.org>

We believe that the bug you reported is fixed in the latest version of
less, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1064...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Salvatore Bonaccorso <car...@debian.org> (supplier of updated less package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 19 Apr 2024 20:58:00 +0200
Source: less
Architecture: source
Version: 590-2.1~deb12u1
Distribution: bookworm-security
Urgency: high
Maintainer: Milan Kupcevic <mi...@debian.org>
Changed-By: Salvatore Bonaccorso <car...@debian.org>
Closes: 1064293 1068938
Changes:
 less (590-2.1~deb12u1) bookworm-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * Rebuild for bookworm-security
 .
 less (590-2.1) unstable; urgency=medium
 .
   * Non-maintainer upload.
   * Shell-quote filenames when invoking LESSCLOSE (CVE-2022-48624)
     (Closes: #1064293)
   * Fix bug when viewing a file whose name contains a newline (CVE-2024-32487)
     (Closes: #1068938)

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----



--- End Message ---
