diff -Nru less-590/debian/changelog less-590/debian/changelog
--- less-590/debian/changelog	2024-02-20 13:07:43.000000000 +0000
+++ less-590/debian/changelog	2024-04-27 20:32:45.000000000 +0000
@@ -1,3 +1,12 @@
+less (590-1ubuntu0.22.04.3) jammy-security; urgency=medium
+
+  * SECURITY UPDATE: Arbitrary command execution
+    - debian/patches/CVE-2024-32487.patch: Fix bug when viewing a file
+      whose name contains a newline. 
+    - CVE-2024-32487
+
+ -- Fabian Toepfer <fabian.toepfer@canonical.com>  Sat, 27 Apr 2024 22:32:45 +0200
+
 less (590-1ubuntu0.22.04.2) jammy-security; urgency=medium
 
   * SECURITY UPDATE: Unsafe call and Possibly arbitrary code execution
diff -Nru less-590/debian/patches/CVE-2024-32487.patch less-590/debian/patches/CVE-2024-32487.patch
--- less-590/debian/patches/CVE-2024-32487.patch	1970-01-01 00:00:00.000000000 +0000
+++ less-590/debian/patches/CVE-2024-32487.patch	2024-04-27 20:32:25.000000000 +0000
@@ -0,0 +1,65 @@
+From 007521ac3c95bc76e3d59c6dbfe75d06c8075c33 Mon Sep 17 00:00:00 2001
+From: Mark Nudelman <markn@greenwoodsoftware.com>
+Date: Thu, 11 Apr 2024 17:49:48 -0700
+Subject: [PATCH] Fix bug when viewing a file whose name contains a newline.
+
+---
+ filename.c | 31 +++++++++++++++++++++++++------
+ 1 file changed, 25 insertions(+), 6 deletions(-)
+
+--- less-590.orig/filename.c
++++ less-590/filename.c
+@@ -136,6 +136,15 @@ metachar(c)
+ }
+ 
+ /*
++ * Must use quotes rather than escape char for this metachar?
++ */
++static int must_quote(char c)
++{
++	/* {{ Maybe the set of must_quote chars should be configurable? }} */
++	return (c == '\n');
++}
++
++/*
+  * Insert a backslash before each metacharacter in a string.
+  */
+ 	public char *
+@@ -168,6 +177,9 @@ shell_quote(s)
+ 				 * doesn't support escape chars.  Use quotes.
+ 				 */
+ 				use_quotes = 1;
++			} else if (must_quote(*p))
++			{
++				len += 3; /* open quote + char + close quote */
+ 			} else
+ 			{
+ 				/*
+@@ -197,15 +209,22 @@ shell_quote(s)
+ 	{
+ 		while (*s != '\0')
+ 		{
+-			if (metachar(*s))
++			if (!metachar(*s))
+ 			{
+-				/*
+-				 * Add the escape char.
+-				 */
++				*p++ = *s++;
++			} else if (must_quote(*s))
++			{
++				/* Surround the char with quotes. */
++				*p++ = openquote;
++				*p++ = *s++;
++				*p++ = closequote;
++			} else
++			{
++				/* Insert an escape char before the char. */
+ 				strcpy(p, esc);
+ 				p += esclen;
++				*p++ = *s++;
+ 			}
+-			*p++ = *s++;
+ 		}
+ 		*p = '\0';
+ 	}
diff -Nru less-590/debian/patches/series less-590/debian/patches/series
--- less-590/debian/patches/series	2024-02-20 13:07:30.000000000 +0000
+++ less-590/debian/patches/series	2024-04-27 20:32:25.000000000 +0000
@@ -2,3 +2,4 @@
 02-655926-more_can_go_backwards.patch
 CVE-2022-46663.patch
 CVE-2022-48624.patch
+CVE-2024-32487.patch