[arch-dev-public] [signoff] nano 2.2.4-1 (CVE fixes)

Andreas Radke a.radke at arcor.de
Sun Apr 18 19:20:48 CEST 2010

Please signoff this upstream update quickly.


2010.04.15 - GNU nano 2.2.4 is nobody's fool.  First and foremost,
		this relase includes some security fixes due to
		an assessment of nano's vulnerability to symlink attacks
		on open files.  The CVEs fixed with this release are
		CVE-2010-1160 and CVE-2010-1161.  Also included are
fixes for various crash modes when using the spell checker
		on new files in multibuffer mode (surely you've used
		that combination recently? No?) as well as a fixing
		the 'file was modified' message when saving to a 
		new filename (since how would nano know?).  And
		the list would not be complete without our 
		third-times-the-charm fixes to page up/down due to
		the soft wrapping code.  The lone new feature 
		included is a new syntax higlighting definition for 
		cmake-related files.  Please do consider upgrading to
		this release if still using the 2.0 series since
		fixes for that version are still forthcoming.

More information about the arch-dev-public mailing list