-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-5679-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
May 03, 2024                          https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : less
CVE ID         : CVE-2022-48624 CVE-2024-32487
Debian Bug     : 1064293 1068938 1069681

Several vulnerabilities were discovered in less, a file pager, which may
result in the execution of arbitrary commands if a file with a specially
crafted file name is processed.

For the oldstable distribution (bullseye), these problems have been fixed
in version 551-2+deb11u2.

For the stable distribution (bookworm), these problems have been fixed in
version 590-2.1~deb12u2.

We recommend that you upgrade your less packages.

For the detailed security status of less please refer to its security
tracker page at:
https://security-tracker.debian.org/tracker/less

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmY1UxpfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND
z0Rt9Q//RATJdOip2H457Vmye1lZb/mUKci2CJBtj5/JOE1MVH8B0w/Vv5EIWCCa
MaBzfq3Wv9FmkLMIkfLp1IbM1KZ20+tVz9rz2tVHq0vp+fSjw8wurBv4AoFiRyI8
pFwTzXEtwWVPVBhsquvOXLNVuOyNBq4fmAc8ETccvhcm9rODsEh4gxKR/BURJxPF
jckpSv2EnEx/EEwSdFCaeJ5mjGDVN+Sd4V1LldyDLGCbRfY0RuC1hzGsX99o5NZ9
IEt2ZNQ+9OVQQCcpC6ayKtOkPFGKcRKTxhWZ2Q2gNl6tb0bYaQygHlxxRhiqok3G
li898tnb+nI/ZlksblIn6gUwEzBH2a5P0/LJg4iF/N1htz2fv1C+/C8/AVvE9iBr
lTV7RAo1xaIuV4yAgFsv+XJ7YsWtJKSwXkSRHAlcU3OGNmtQUxs6iQUrRJ97ax9L
0O/3wh7dXbmkU42EZlybTxYh7eMi074PzLva7t0im8KwC5sjvH7yLe6jLXCJ2+Kx
4apKfxPwTYn0bBqaeNgBBFHWwlYn+Rkofo4N5VdbFDWaMwctZ2FFLrpn3LQ3Mojn
ssgf/uchU1M8Vpjp01H3Jr0S97nz5cCwE+LlFddMNVlqNL/hA1xU8zNkyRLJcFai
JQVhtvLmuSFOW+FtvTjBB09T3o8lbPKYHacO1/h8/ZB+TKqlwQo=tUOa
-----END PGP SIGNATURE-----