Your message dated Tue, 14 Feb 2023 11:06:35 +0000 with message-id <e1prt8t-0040mq...@fasolo.debian.org> and subject line Bug#1030825: fixed in less 590-1.2 has caused the Debian Bug report #1030825, regarding less: CVE-2022-46663: -R filtering bypass to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 1030825: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1030825 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Source: less Version: 590-1.1 Severity: grave Tags: security upstream X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org> Hi, The following vulnerability was published for less. The severity is set on purpose to RC level, as I think the issue might ideally be fixed for the bookworm release in advance. CVE-2022-46663[0]: | less -R filtering bypass If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2022-46663 https://www.cve.org/CVERecord?id=CVE-2022-46663 [1] https://github.com/gwsw/less/commit/a78e1351113cef564d790a730d657a321624d79c [2] https://www.openwall.com/lists/oss-security/2023/02/07/7 Regards, Salvatore
--- End Message ---
--- Begin Message ---Source: less Source-Version: 590-1.2 Done: Salvatore Bonaccorso <car...@debian.org> We believe that the bug you reported is fixed in the latest version of less, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 1030...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Salvatore Bonaccorso <car...@debian.org> (supplier of updated less package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sun, 12 Feb 2023 11:17:35 +0100 Source: less Architecture: source Version: 590-1.2 Distribution: unstable Urgency: medium Maintainer: Milan Kupcevic <mi...@debian.org> Changed-By: Salvatore Bonaccorso <car...@debian.org> Closes: 1030825 Changes: less (590-1.2) unstable; urgency=medium . * Non-maintainer upload. * End OSC8 hyperlink on invalid embedded escape sequence (CVE-2022-46663) (Closes: #1030825) Checksums-Sha1: 5904b57d7b395f88909fe15a8f68471df1de77ec 1944 less_590-1.2.dsc 5b3fc4385707b16d1bc08b0c0748636df72e246e 20456 less_590-1.2.debian.tar.xz Checksums-Sha256: 6290f5e8607fb61719d37a50c627fc25d96f8caf19502d7137ade61a1d56a0ef 1944 less_590-1.2.dsc f4873578bec704987a6f22704453e2d8914c39fbc1d908853f074f5530f4aa3e 20456 less_590-1.2.debian.tar.xz Files: 523e53806203434c49e2b8e8a8b9ec6a 1944 text important less_590-1.2.dsc 1cd3b776b36d35cc38427e599a7c0267 20456 text important less_590-1.2.debian.tar.xz -----BEGIN PGP SIGNATURE----- iQKmBAEBCgCQFiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmPovS1fFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQSHGNhcm5pbEBk ZWJpYW4ub3JnAAoJEAVMuPMTQ89EiogP/R/kS/BRbicLM7vQ+ekh8NvSSBr9ztJB 3AKK9RQrXIh6SHojx2YovjDC5jRFYUPzERE5bnuHcY5zWiXkIuUlOsg9H/ahoUU0 Z+dMATiaowxhqfSq26g24X04CHcEIGGBYCXWoaMuhwmQSCOxal8mxBFbARG2tH6H RD2TVi4Qb3phhx9uKNWX172PPvcX/tUSLoQt92V+GOPiRQ8eyf26hFR/eelLEJbe Senhcyo13W5kSjwCyvcGJ2pzSGAKO11a45BECKAoiJFGiHhb0mznOTOMd3ePDL+7 mcEsyentenpgjN87DTmImYSBG20ANJW5Qdf0osutK7REF3G0R2zQz52TTFKG7upG o8bOXudpB/hA/TuO/A24oHzX8TJSTWTuxlDFRY/O/sUWeER4KHglLAzvyoRRaQX5 0M/6aBVj++BIQmwHUpuv9B34Vx5Serp1RCeUUixQhASuup4tuKTHSVlm+RMsh+jf +EyznTrk1vb1YkPOF/9FFlMQZrcdhIJNar+G44qAamqDU+PAfGq5i8YomN29hwL2 pWuhcfRaYLKrA0EZ3OKcTs2FsptQ/GYnq5fvLs0tV7jSiqc3U9oKejqz6ykc5M3G 3tgHm5gOWCEQSFWIfEbmtrcFubzLD7/oPRtEkosDoWQ4AFfYLc99vvkiAX/cLaCU jamFeFq8Dhg2 =DKVg -----END PGP SIGNATURE-----
--- End Message ---
