Nano security update: 2.2.4
Bug #564734 reported by Heimen Stoffels
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
nano (Debian) | Fix Released | Unknown | | | |
nano (Ubuntu) | Fix Released | Low | Unassigned | | |
Bug Description
Nano 2.2.4 was released yesterday. This release includes security fixes due to an assessment of nano's vulnerability to symlink attacks.
So it either needs to be updated or Nano 2.2.2 from 10.04 needs to be patched to fix this security issue with Nano.
visibility: | private → public |
affects: | ubuntu → nano (Ubuntu) |
Changed in nano (Debian): | |
status: | Unknown → Fix Released |
Changed in nano (Ubuntu): | |
status: | New → Confirmed |
importance: | Undecided → Low |
Nano 2.2.4 is available from Debian unstable right now.
All changes from 2.2.2 to 2.2.4 are bugfixes, as it's a stable branch, with no translation changes, etc. ubuntu-security, please advise if you want a new release or a patch.
I'm pasting the changelog entries since upstream 2.2.2.
GNU nano 2.2.4 - 2010.04.15
2010-04-07 Chris Allegretta <email address hidden>
* doc/man/nano.1, nanorc.5: Remove the backup file warnings now
that a sufficient security fix exists for the backup file code.
2010-04-14 Chris Allegretta <email address hidden>
* text.c (do_alt_speller): Skip invoking the alt speller if the file size
is 0 bytes. Fixes Savannah bug 29393 reported by Mike Frysinger.
* files.c (write_file): Don't set current_stat when tmp == TRUE, check
whether current_stat is set when trying to use it, and don't do the
modification check if the filename changed, since we have no way
of knowing about it in that case. Fixes Savannah bug 29392, reported
by Mike Frysinger. [CVE-2010-1160]
2010-04-13 Felipe Bugno <email address hidden>
* doc/syntax/cmake.nanorc: Added cmake syntax highlighting file.
2010-04-09 Chris Allegretta <email address hidden>
* files.c (do_writeout): Better security fixes for backup file writing,
mangled from submission by Dan Rosenberg <dan.j.rosenberg at gmail>
[CVE-2010-1161]
2010-04-08 Chris Allegretta <email address hidden>
* files.c (do_writeout): Previous fixes should not cause a crash
when saving a new file. Discovered by Mike Frysinger <email address hidden>.
2010-04-07 Chris Allegretta <email address hidden>
* doc/man/nano.1, nanorc.5: Add warnings about using backup
mode as root due to the Dan Rosenberg security analysis.
2010-04-02 Chris Allegretta <email address hidden>
* files.c (do_writeout): Expand modification check to include both the
original file's device ID and inode number as reasons to warn the
user that the file has been modified. Also abort on writing a backup
file when its owner doesn't match the edited file. Based on security
analysis on nano by Dan Rosenberg. [CVE-2010-1160]
2010-03-21 Chris Allegretta <email address hidden>
* nano.c (page_stdin et al): Don't attempt to reset/reopen the terminal
settings when reading stdin if it was aborted with SIGINT. May fix Savannah
bug 29114 reported by Mike Frysinger.
2010-03-21 Mike Frysinger <email address hidden>
* doc/syntax/c.nanorc: Add additional support for #include_next and #pragma
2010-03-21 Chris Allegretta <email address hidden>
* move.c (do_page_up, do_page_down()): Explicitly set current_y to 0 when paging
up when not in smooth scroll mode, as previous fixes would otherwise cause
the cursor to not really be moved to the top of the screen.
2010-03-07 Chris Allegretta <email address hidden>
* configure.ac, nano.c (handle_sigwinch): Create check for whether LINES and
COLS can safely be redefined. Fixes compilation issues with cygwin, and likely
with newer versions of ncurses, fixes Savannah bug ...
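The 2010-04-02 entry above describes two defensive checks: treating a changed device ID or inode number as a modified file, and refusing to write a backup whose owner differs from the edited file's. The following C sketch of those checks is an added example, not nano's code and not part of the original report; the function names, the use of lstat() and the scratch files under /tmp are assumptions made for illustration.

```c
#define _XOPEN_SOURCE 700
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper: 1 if `path` no longer names the object recorded in
 * `opened` (device ID or inode number differs, or the file is gone),
 * 0 if it is unchanged, -1 on any other error. */
int file_replaced(const struct stat *opened, const char *path)
{
    struct stat now;
    if (stat(path, &now) == -1)
        return errno == ENOENT ? 1 : -1;
    return now.st_dev != opened->st_dev || now.st_ino != opened->st_ino;
}

/* Hypothetical helper: 1 if the backup may be written, i.e. the backup path
 * does not exist yet or has the same owner as the edited file; 0 otherwise.
 * lstat() judges a symlink by the owner of the link itself. */
int backup_owner_ok(const struct stat *edited, const char *backup)
{
    struct stat b;
    if (lstat(backup, &b) == -1)
        return errno == ENOENT ? 1 : 0;
    return b.st_uid == edited->st_uid;
}

/* Constructed scenario: snapshot a scratch file, swap a different file into
 * its path with rename(), then run both checks. Returns 0 if each check
 * gives the expected answer, 1 if not, -1 if the setup failed. */
int demo(void)
{
    char a[] = "/tmp/nano-demo-a-XXXXXX", b[] = "/tmp/nano-demo-b-XXXXXX";
    int fa = mkstemp(a), fb = mkstemp(b);
    struct stat snap, foreign;
    if (fa == -1 || fb == -1 || fstat(fa, &snap) == -1)
        return -1;
    int before = file_replaced(&snap, a);   /* same inode: 0 */
    if (rename(b, a) == -1)                 /* path now names b's inode */
        return -1;
    int after = file_replaced(&snap, a);    /* inode differs: 1 */
    foreign = snap;
    foreign.st_uid = snap.st_uid + 1;       /* constructed: another owner */
    int same = backup_owner_ok(&snap, a);   /* owners match: 1 */
    int diff = backup_owner_ok(&foreign, a); /* owners differ: 0 */
    close(fa); close(fb); unlink(a);
    return (before == 0 && after == 1 && same == 1 && diff == 0) ? 0 : 1;
}

int main(void) { return demo(); }
```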