update: less #1432

dongsupark · 2024-04-22T07:54:18Z

Name: less
CVEs: CVE-2024-32487
CVSSs: n/a
Action Needed: update to >= 643-r2

Summary: less through 653 allows OS command execution via a newline character in the name of a file, because quoting is mishandled in filename.c. Exploitation typically requires use with attacker-controlled file names, such as the files extracted from an untrusted archive. Exploitation also requires the LESSOPEN environment variable, but this is set by default in many common cases.

refmap.gentoo: https://bugs.gentoo.org/929210

dongsupark added security security concerns advisory security advisory labels Apr 22, 2024

dongsupark added this to Flatcar tactical, release planning, and roadmap Apr 22, 2024

github-project-automation bot moved this to 📝 Needs Triage in Flatcar tactical, release planning, and roadmap Apr 22, 2024

dongsupark moved this from 📝 Needs Triage to 🪵Backlog in Flatcar tactical, release planning, and roadmap Apr 22, 2024

github-actions bot mentioned this issue Apr 22, 2024

Monthly contributions report 2024-03-22 - 2024-04-21 #1435

Closed

krnowak mentioned this issue Apr 23, 2024

Weekly portage-stable package updates 2024-04-22 flatcar/scripts#1949

Merged

2 tasks

dongsupark moved this from 🪵Backlog to ⚒️ In Progress in Flatcar tactical, release planning, and roadmap Apr 24, 2024

krnowak closed this as completed in flatcar/scripts#1949 Apr 25, 2024

github-project-automation bot moved this from ⚒️ In Progress to Implemented in Flatcar tactical, release planning, and roadmap Apr 25, 2024

github-actions bot mentioned this issue May 22, 2024

Monthly contributions report 2024-04-22 - 2024-05-21 #1451

Closed

dongsupark removed this from Flatcar tactical, release planning, and roadmap Oct 8, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

update: less #1432

update: less #1432

dongsupark commented Apr 22, 2024

update: less #1432

update: less #1432

Comments

dongsupark commented Apr 22, 2024