Opened 2 years ago

Closed 2 years ago

#5166 closed enhancement (fixed)

man-db-2.11.1

Reported by: Bruce Dubbs Owned by: Xi Ruoyao
Priority: normal Milestone: 11.3
Component: Book Version: git
Severity: normal Keywords:
Cc:

Description

New point version.

Change History (4)

comment:1 by Xi Ruoyao, 2 years ago

Owner: changed from lfs-book to Xi Ruoyao
Status: newassigned

I'll run a jhalfs build with full tests today.

comment:2 by Xi Ruoyao, 2 years ago

man-db 2.11.1 (15 November 2022) ================================

Build:

Fixes:

  • SECURITY: Replace $ characters in page names with ? when constructing less prompts.
  • Silence error message when processing an empty manual page hierarchy with a nonexistent cache directory.
  • man(1) now sorts whatis references below real pages, even if the whatis references are from a section with higher priority.

Improvements:

  • Add section 3type to the default section list just after 2. This is used by the Linux man-pages package.
  • Recognize more Hungarian translations of the NAME section.
Version 0, edited 2 years ago by Xi Ruoyao (next)

comment:3 by Xi Ruoyao, 2 years ago

From the upstream:

On Mon, Oct 17, 2022 at 10:15:08PM +0200, Jakub Wilk wrote:

"$" is a special character in $LESS, but man-db doesn't take care of neutralizing it. This could be exploited for arbitrary code execution if the user were tricked to run "man -l" on files with names crafted by the attacker.

Thanks, fixed upstream:

https://gitlab.com/cjwatson/man-db/-/commit/09304c00a4a3dea95da5d1f0aa1ad4c20c292f3b

(I think this is a niche enough case that I don't plan to put work into getting a CVE allocated, backporting fixes, etc. If somebody else thinks otherwise then they should feel free.)

So I'll not post a SA for this one.

comment:4 by Xi Ruoyao, 2 years ago

Resolution: fixed
Status: assignedclosed

Fixed for trunk at r11.2-198-ge354e5846. Leaving #5162 open for SA.

Note: See TracTickets for help on using tickets.