Bug#1070702: bookworm-pu: package nano/7.2-1+deb12u1

[Salvatore Bonaccorso <carnil@debian.org>]

Hi Jordi,

On Tue, May 07, 2024 at 04:00:15PM +0200, Jordi Mallach wrote:
> Package: release.debian.org
> Severity: normal
> Tags: bookworm
> X-Debbugs-Cc: nano@packages.debian.org
> Control: affects -1 + src:nano
> User: release.debian.org@packages.debian.org
> Usertags: pu
> 
> As we did in previous Debian releases, this is an update
> for Debian stable's nano package with selected patches from
> the upstream maintainer.
> 
> 3 of the patches minor security issues, and the other one
> fixes a potential data-loss issue.
> 
> Additionally there's a minor update to the default nanorc which
> is a backport from 7.2-2, which was meant to be included in
> Debian 12.0 but freeze came along. It just gets rid of some
> control characters in some commented-out example bindings,
> replacing them with the new style syntax.
> 
> [ Checklist ]
>   [x] *all* changes are documented in the d/changelog
>   [x] I reviewed all changes and I approve them
>   [x] attach debdiff against the package in (old)stable
>   [x] the issue is verified as fixed in unstable
> 
> This source update was prompted by Salvatore while discussing one of the
> 3 security issues.

FTR,
https://git.savannah.gnu.org/cgit/nano.git/commit/?id=5e7a3c2e7e118c7f12d5dfda9f9140f638976aa2
has now as well a CVE assigned: CVE-2024-5742. But no need to redo an
upload, but would be great to get it accepted for the next point
release.

Regards,
Salvatore