Nano 2.2.4 is available from Debian unstable right now. All changes from 2.2.2 to 2.2.4 are bugfixes, as it's a stable branch, which no translation changes, etc. ubuntu-security, please advise if you want a new release or a patch.
I'm pasting the changelog entries since upstream 2.2.2. GNU nano 2.2.4 - 2010.04.15 2010-04-07 Chris Allegretta <chr...@asty.org> * doc/man/nano.1,nanorc.5: Remove the backup file warnings now that a sufficient security fix exists for the backup file code. 2010-04-14 Chris Allegretta <chr...@asty.org> * text.c (do_alt_speller): Skip invoking the alt speller if the file size is 0 bytes. Fixes Savannah bug 29393 reported by Mike Frysinger. * files.c (wirte_file): Don't set current_stat when tmp == TRUE, check whether current_stat is set when trying to use it, and don't do the modification check if the filename changed, since we have no way of knowing about it in that case. Fixes Savannah bug 29392, reported by Mike Frysinger. [CVE-2010-1160] 2010-04-13 Felipe Bugno <nec...@bol.com.br> * doc/syntax/cmake.nanorc: Added cmake syntax highlighting file. 2010-04-09 Chris Allegretta <chr...@asty.org> * files.c (do_writeout): Better security fixes for backup file writing, mangled from submission by Dan Rosenberg <dan.j.rosenberg at gmail> [CVE-2010-1161] 2010-04-08 Chris Allegretta <chr...@asty.org> * files.c (do_writeout): Previous fixes should not cause a crash when saving a new file. Discovered by Mike Frysinger <vap...@gentoo.org>. 2010-04-07 Chris Allegretta <chr...@asty.org> * doc/man/nano.1,nanorc.5: Add warnings about using backup mode as root due to the Dan Rosenberg security analysis. 2010-04-02 Chris Allegretta <chr...@asty.org> * files.c (do_writeout): Expand modification check to include both the original file's device ID and inode number as reasons to warn the user that the file has been modified. Also abort on writing a backup file when its owner doesn't match the edited file. Based on security analysis on nano by Dan Rosenberg. [CVE-2010-1160] 2010-03-21 Chris Allegretta <chr...@asty.org> * nano.c (page_stdin et al): Don't attempt to reset/reopen the terminal settings when reading stdin if it was aborted with SIGINT. May fix Savannah bug 29114 reported by Mike Frysinger. 2010-03-21 Mike Frysinger <vap...@gentoo.org> * doc/syntax/c.nanorc: Add additional support for #include_next and #pragma 2010-03-21 Chris Allegretta <chr...@asty.org> * move.c (do_page_up, do_page_down()): Explicitly set current_y to 0 when paging up when not in smooth scroll mode, as previous fixes would otherwise cause the cursor to not really be moved to the stop of the screen. 2010-03-07 Chris Allegretta <chr...@asty.org> * configure.ac, nano.c (handle_sigwinch): Create check for whether LINES and COLS can safely be redefined. Fixes compilation issues with cygwin, and likely with newer versions of ncurses, fixes Savannah bug 28984 repoted by Andy Koppe and Eric Oliver via mailing list. * winio.c (get_mouseinput) - fix stray semicolon in code, also reported in bug 28984. GNU nano 2.2.3 - 2010.02.11 2010-01-28 Chris Allegretta <chr...@asty.org> * move.c (do_page_up, do_page_down): Fix for smooth mode not preserving cusor position. Part one of fix for Savannah bug 21178 by Mike Frysinger. ** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2010-1160 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2010-1161 ** Bug watch added: Debian Bug tracker #577817 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=577817 ** Also affects: nano (Debian) via http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=577817 Importance: Unknown Status: Unknown -- [needs-packaging] Nano security update: 2.2.4 https://bugs.launchpad.net/bugs/564734 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs