Nano 2.2.4 is available from Debian unstable right now.
All changes from 2.2.2 to 2.2.4 are bugfixes, as it's a stable branch,
which no translation changes, etc. ubuntu-security, please advise if you
want a new release or a patch.
I'm pasting the changelog entries since upstream 2.2.2.
GNU nano 2.2.4 - 2010.04.15
2010-04-07 Chris Allegretta <chr...@asty.org>
* doc/man/nano.1,nanorc.5: Remove the backup file warnings now
that a sufficient security fix exists for the backup file code.
2010-04-14 Chris Allegretta <chr...@asty.org>
* text.c (do_alt_speller): Skip invoking the alt speller if the file
size
is 0 bytes. Fixes Savannah bug 29393 reported by Mike Frysinger.
* files.c (wirte_file): Don't set current_stat when tmp == TRUE, check
whether current_stat is set when trying to use it, and don't do the
modification check if the filename changed, since we have no way
of knowing about it in that case. Fixes Savannah bug 29392, reported
by Mike Frysinger. [CVE-2010-1160]
2010-04-13 Felipe Bugno <nec...@bol.com.br>
* doc/syntax/cmake.nanorc: Added cmake syntax highlighting file.
2010-04-09 Chris Allegretta <chr...@asty.org>
* files.c (do_writeout): Better security fixes for backup file writing,
mangled from submission by Dan Rosenberg <dan.j.rosenberg at gmail>
[CVE-2010-1161]
2010-04-08 Chris Allegretta <chr...@asty.org>
* files.c (do_writeout): Previous fixes should not cause a crash
when saving a new file. Discovered by Mike Frysinger
<vap...@gentoo.org>.
2010-04-07 Chris Allegretta <chr...@asty.org>
* doc/man/nano.1,nanorc.5: Add warnings about using backup
mode as root due to the Dan Rosenberg security analysis.
2010-04-02 Chris Allegretta <chr...@asty.org>
* files.c (do_writeout): Expand modification check to include both the
original file's device ID and inode number as reasons to warn the
user that the file has been modified. Also abort on writing a backup
file when its owner doesn't match the edited file. Based on security
analysis on nano by Dan Rosenberg. [CVE-2010-1160]
2010-03-21 Chris Allegretta <chr...@asty.org>
* nano.c (page_stdin et al): Don't attempt to reset/reopen the terminal
settings when reading stdin if it was aborted with SIGINT. May fix
Savannah
bug 29114 reported by Mike Frysinger.
2010-03-21 Mike Frysinger <vap...@gentoo.org>
* doc/syntax/c.nanorc: Add additional support for #include_next and
#pragma
2010-03-21 Chris Allegretta <chr...@asty.org>
* move.c (do_page_up, do_page_down()): Explicitly set current_y to 0
when paging
up when not in smooth scroll mode, as previous fixes would otherwise
cause
the cursor to not really be moved to the stop of the screen.
2010-03-07 Chris Allegretta <chr...@asty.org>
* configure.ac, nano.c (handle_sigwinch): Create check for whether
LINES and
COLS can safely be redefined. Fixes compilation issues with cygwin,
and likely
with newer versions of ncurses, fixes Savannah bug 28984 repoted by
Andy Koppe
and Eric Oliver via mailing list.
* winio.c (get_mouseinput) - fix stray semicolon in code, also reported
in
bug 28984.
GNU nano 2.2.3 - 2010.02.11
2010-01-28 Chris Allegretta <chr...@asty.org>
* move.c (do_page_up, do_page_down): Fix for smooth mode not preserving
cusor
position. Part one of fix for Savannah bug 21178 by Mike Frysinger.
** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2010-1160
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2010-1161
** Bug watch added: Debian Bug tracker #577817
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=577817
** Also affects: nano (Debian) via
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=577817
Importance: Unknown
Status: Unknown
--
[needs-packaging] Nano security update: 2.2.4
https://bugs.launchpad.net/bugs/564734
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
