Patch backported from:

commit 007521ac3c95bc76e3d59c6dbfe75d06c8075c33
Author: Mark Nudelman <markn@greenwoodsoftware.com>
Date:   Thu Apr 11 17:49:48 2024 -0700

    Fix bug when viewing a file whose name contains a newline.

diff -up less-643/filename.c.cve-2024-32487 less-643/filename.c
--- less-643/filename.c.cve-2024-32487	2023-07-21 00:43:14.000000000 +0200
+++ less-643/filename.c	2024-04-23 10:24:17.347269703 +0200
@@ -128,6 +128,15 @@ static char * metachars(void)
 }
 
 /*
+ * Must use quotes rather than escape char for this metachar?
+ */
+static int must_quote(char c)
+{
+	/* {{ Maybe the set of must_quote chars should be configurable? }} */
+	return (c == '\n'); 
+}
+
+/*
  * Insert a backslash before each metacharacter in a string.
  */
	public char *
@@ -164,6 +173,9 @@ public char * shell_quote(char *s)
 				 * doesn't support escape chars.  Use quotes.
 				 */
 				use_quotes = 1;
+			} else if (must_quote(*p))
+			{
+				len += 3; /* open quote + char + close quote */
 			} else
 			{
 				/*
@@ -193,15 +205,22 @@ public char * shell_quote(char *s)
 	{
 		while (*s != '\0')
 		{
-			if (metachar(*s))
+			if (!metachar(*s))
 			{
-				/*
-				 * Add the escape char.
-				 */
+				*p++ = *s++;
+			} else if (must_quote(*s))
+			{
+				/* Surround the char with quotes. */
+				*p++ = openquote;
+				*p++ = *s++;
+				*p++ = closequote;
+			} else
+			{
+				/* Insert an escape char before the char. */
 				strcpy(p, esc);
 				p += esclen;
+				*p++ = *s++;
 			}
-			*p++ = *s++;
 		}
 		*p = '\0';
 	}