Bug 31529

Summary: less new security issue CVE-2022-46663
Product: Mageia
Reporter: David Walser <luigiwalser>
Component: Security
Assignee: Base system maintainers <basesystem>
Status: RESOLVED FIXED
QA Contact: Sec team <security>
Severity: normal
Priority: Normal
CC: marja11, nicolas.salguero
Version: Cauldron
Target Milestone: ---
Hardware: All
OS: Linux
Whiteboard:
Source RPM: less-608-1.mga9.src.rpm
CVE:
Status comment:

Description David Walser 2023-02-09 17:23:30 CET
A security issue fixed upstream in less has been announced on February 7:
https://www.openwall.com/lists/oss-security/2023/02/07/7

The upstream fix is linked in the message above.

Comment 1 Marja Van Waes 2023-02-09 21:05:40 CET
Assigning to our Base System maintainers, because less is listed in the output of: 
   urpmq --requires-recursive basesystem-minimal

Assignee: bugsquad => basesystem
CC: (none) => marja11

Comment 2 Nicolas Salguero 2023-02-10 15:20:16 CET
Hi,

less-623-1.mga9, which is in Cauldron, is not affected by that CVE. I verified that the code from the patch given in the link in comment 0 is already in less-623-1.mga9.

Best regards,

Nico.

CC: (none) => nicolas.salguero

Comment 3 David Walser 2023-02-10 16:55:31 CET
Ubuntu has issued an advisory for this on February 9:
https://ubuntu.com/security/notices/USN-5848-1

It looks like we already have a newer version packaged.

Resolution: (none) => FIXED
Status: NEW => RESOLVED