Your message dated Sun, 05 May 2024 18:48:09 +0000
with message-id <e1s3gu9-004xpv...@fasolo.debian.org>
and subject line Bug#1064293: fixed in less 590-2.1~deb12u2
has caused the Debian Bug report #1064293,
regarding less: CVE-2022-48624
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
1064293: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1064293
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: less
Version: 590-2
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>
Hi,
The following vulnerability was published for less.
CVE-2022-48624[0]:
| close_altfile in filename.c in less before 606 omits shell_quote
| calls for LESSCLOSE.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2022-48624
https://www.cve.org/CVERecord?id=CVE-2022-48624
[1] https://github.com/gwsw/less/commit/c6ac6de49698be84d264a0c4c0c40bb870b10144
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: less
Source-Version: 590-2.1~deb12u2
Done: Salvatore Bonaccorso <car...@debian.org>
We believe that the bug you reported is fixed in the latest version of
less, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 1064...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Salvatore Bonaccorso <car...@debian.org> (supplier of updated less package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Thu, 02 May 2024 20:30:51 +0200
Source: less
Architecture: source
Version: 590-2.1~deb12u2
Distribution: bookworm-security
Urgency: high
Maintainer: Milan Kupcevic <mi...@debian.org>
Changed-By: Salvatore Bonaccorso <car...@debian.org>
Closes: 1064293 1068938 1069681
Changes:
less (590-2.1~deb12u2) bookworm-security; urgency=high
.
* Non-maintainer upload by the Security Team.
.
[ Milan Kupcevic ]
* Fix incorrect display when filename contains control chars
(Closes: #1069681)
.
less (590-2.1~deb12u1) bookworm-security; urgency=high
.
* Non-maintainer upload by the Security Team.
* Rebuild for bookworm-security
.
less (590-2.1) unstable; urgency=medium
.
* Non-maintainer upload.
* Shell-quote filenames when invoking LESSCLOSE (CVE-2022-48624)
(Closes: #1064293)
* Fix bug when viewing a file whose name contains a newline (CVE-2024-32487)
(Closes: #1068938)
Checksums-Sha1:
683da794f9203c803fa4690c9fc643e05e6b20df 2228 less_590-2.1~deb12u2.dsc
6a6d4f2cbe18bce3db8dc9f4337c2b35f32c76f4 23852
less_590-2.1~deb12u2.debian.tar.xz
Checksums-Sha256:
1a4219f8ec9342851805089d9ee5ec7c0150287d5722ecc914c50790673ad9a6 2228
less_590-2.1~deb12u2.dsc
4a54c48a25cabb5408af6d7bc174cad96614e540b47d2b8962b3e13819fd9b30 23852
less_590-2.1~deb12u2.debian.tar.xz
Files:
7dc4c944e5b41d3004e4eaa7be2c2134 2228 text important less_590-2.1~deb12u2.dsc
2d60b4f47bdb42a8e75be462aa417d1c 23852 text important
less_590-2.1~deb12u2.debian.tar.xz
-----BEGIN PGP SIGNATURE-----
iQKmBAEBCgCQFiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmYz3JZfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQSHGNhcm5pbEBk
ZWJpYW4ub3JnAAoJEAVMuPMTQ89EWlIP/2noXgRJDkAvk7sxtArXPXg//lNiY/vu
eb4KDvjfCqa3Vmnk/TRf1+tXfo3pUM6CHr0JQmZQL4LwSdp61C45KnQwRXX1HWdK
RYqIoerrXp59TvXX65+oNPNh3DJlVbguOhvalg4g3+jc6K8CQAOZYVC2P4akpcbU
3/y2aEF+tdBgmq99H0uMo9KgY0pIQGaWcxYZQbf9LCOttw+iPGv+4uZxv/SKeuqg
nsJBiZw5Zuy9AjlTuTHwTOIgS6xsk7L1RlJ9b0vv/UaQUN05Qo/6k3XM65j6WwC+
3WGu3sIPo54ap26Pwjjf3dR19lGrZABh9IAdrgQlp0rm/pmI4G30+PVEy3dNInSL
QqkcW8oUA239xs/XzXeKACMreTCFFx+NhKN0UeJuru1awVZXEWp0BHoFn9HDfS5p
O+yPNFH4sT09JDAc2dFLzJRGOO+8TgRjJ01Ylcs2cCktNp4Tgzw1JzMHDAsJJEXg
QNg6ekYvlmpsqokAamBlXQTyET7GC/ur6TYuGVX6H6Rq3YJ6v/aLiC2RRijB3AiQ
vdt5tr3fRNAGKxiPfR6bEpSunYISjmgZPYRYcP+nsId8oMFsstfpJCRtGosyI/cj
lOHZuBmgxyikxYbxX5LxzDlCUWR9r51k93F3z/oQesrZbMIvCkZ+8QqPe56q1mI1
0krKZsOhjiTM
=Bqc3
-----END PGP SIGNATURE-----
pgpmhaoFDo0O4.pgp
Description: PGP signature
--- End Message ---
