Bug#1070702: bookworm-pu: package nano/7.2-1+deb12u1
Hi Jordi,
On Tue, May 07, 2024 at 04:00:15PM +0200, Jordi Mallach wrote:
> Package: release.debian.org
> Severity: normal
> Tags: bookworm
> X-Debbugs-Cc: nano@packages.debian.org
> Control: affects -1 + src:nano
> User: release.debian.org@packages.debian.org
> Usertags: pu
>
> As we did in previous Debian releases, this is an update
> for Debian stable's nano package with selected patches from
> the upstream maintainer.
>
> 3 of the patches minor security issues, and the other one
> fixes a potential data-loss issue.
>
> Additionally there's a minor update to the default nanorc which
> is a backport from 7.2-2, which was meant to be included in
> Debian 12.0 but freeze came along. It just gets rid of some
> control characters in some commented-out example bindings,
> replacing them with the new style syntax.
>
> [ Checklist ]
> [x] *all* changes are documented in the d/changelog
> [x] I reviewed all changes and I approve them
> [x] attach debdiff against the package in (old)stable
> [x] the issue is verified as fixed in unstable
>
> This source update was prompted by Salvatore while discussing one of the
> 3 security issues.
FTR,
https://git.savannah.gnu.org/cgit/nano.git/commit/?id=5e7a3c2e7e118c7f12d5dfda9f9140f638976aa2
has now as well a CVE assigned: CVE-2024-5742. But no need to redo an
upload, but would be great to get it accepted for the next point
release.
Regards,
Salvatore
Reply to: