The verification of the Stable Release Update for nano has completed successfully and the package has now been released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.
-- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to nano in Ubuntu. https://bugs.launchpad.net/bugs/1641592 Title: nano 2.5.3-2 on Xenial crashes with long paths on lockfiles Status in nano package in Ubuntu: Fix Released Status in nano source package in Xenial: Fix Released Bug description: # lsb_release -rd Description: Ubuntu 16.04.1 LTS Release: 16.04 # apt-cache policy nano nano: Installed: 2.5.3-2 Candidate: 2.5.3-2 Reproducer: 1. # nano -G 999999999999999999999999999999999999999999999999999999999999999999999999999 2. <ctrl-z> 3. # nano -G 999999999999999999999999999999999999999999999999999999999999999999999999999 4. <answer y/n to the lockfile question> 5. <nano should segfault> Quick dissection: Looking at function do_lockfile in files.c, it seems that promptstr is statically allocated to 128 characters. Now with a sufficiently long filename, the following sprintf() call will overflow the allocated promptstr buffer and corrupt memory. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/nano/+bug/1641592/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp