Jakub Wilk writes:
> less(1) does not correctly escape newlines in pathnames when
> constructing command line of the input preprocessor. If a user ran
> less(1) on files with untrusted names, this could result in execution
> of arbitrary code.
>
> The input preprocessor is enabled by the LESSOPEN
less(1) does not correctly escape newlines in pathnames when
constructing command line of the input preprocessor. If a user ran
less(1) on files with untrusted names, this could result in execution of
arbitrary code.
The input preprocessor is enabled by the LESSOPEN environment variable.
But i
