Bug 31529 - less new security issue CVE-2022-46663
Summary: less new security issue CVE-2022-46663
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security
Version: Cauldron
Hardware: All Linux
Priority: Normal normal
Target Milestone: ---
Assignee: Base system maintainers
QA Contact: Sec team
Reported: 2023-02-09 17:23 CET by David Walser
Modified: 2023-02-10 16:55 CET

Source RPM: less-608-1.mga9.src.rpm
Description David Walser 2023-02-09 17:23:30 CET
A security issue fixed upstream in less has been announced on February 7:
https://www.openwall.com/lists/oss-security/2023/02/07/7

The upstream fix is linked in the message above.
Comment 1 Marja Van Waes 2023-02-09 21:05:40 CET
Assigning to our Base System maintainers, because less is listed in the output of: 
   urpmq --requires-recursive basesystem-minimal

Assignee: bugsquad => basesystem
CC: (none) => marja11

Comment 2 Nicolas Salguero 2023-02-10 15:20:16 CET
Hi,

less-623-1.mga9, which is in Cauldron, is not affected by that CVE.  I verified that the code from the patch given in the link in comment 0 is already in less-623-1.mga9.

Best regards,

Nico.

CC: (none) => nicolas.salguero

Comment 3 David Walser 2023-02-10 16:55:31 CET
Ubuntu has issued an advisory for this on February 9:
https://ubuntu.com/security/notices/USN-5848-1

It looks like we already have a newer version packaged.

Resolution: (none) => FIXED
Status: NEW => RESOLVED

