Hi Jordi,

On Tue, May 07, 2024 at 04:00:15PM +0200, Jordi Mallach wrote:
> Package: release.debian.org
> Severity: normal
> Tags: bookworm
> X-Debbugs-Cc: [email protected]
> Control: affects -1 + src:nano
> User: [email protected]
> Usertags: pu
>
> As we did in previous Debian releases, this is an update
> for Debian stable's nano package with selected patches from
> the upstream maintainer.
>
> 3 of the patches minor security issues, and the other one
> fixes a potential data-loss issue.
>
> Additionally there's a minor update to the default nanorc which
> is a backport from 7.2-2, which was meant to be included in
> Debian 12.0 but freeze came along. It just gets rid of some
> control characters in some commented-out example bindings,
> replacing them with the new style syntax.
>
> [ Checklist ]
> [x] *all* changes are documented in the d/changelog
> [x] I reviewed all changes and I approve them
> [x] attach debdiff against the package in (old)stable
> [x] the issue is verified as fixed in unstable
>
> This source update was prompted by Salvatore while discussing one of the
> 3 security issues.

FTR,
https://git.savannah.gnu.org/cgit/nano.git/commit/?id=5e7a3c2e7e118c7f12d5dfda9f9140f638976aa2
has now as well a CVE assigned: CVE-2024-5742.

But no need to redo an upload, but would be great to get it accepted
for the next point release.

Regards,
Salvatore

