diff options
author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-27 09:55:51 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-27 09:55:51 +0000 |
commit | 0ae57c13c2b61646cc70617eb118ccb3fc19e995 (patch) | |
tree | 3760e33eb72a4955ffa88d9cfa60579bab714dd6 /debian/NEWS | |
parent | Adding upstream version 3.6.12. (diff) | |
download | gitolite3-0ae57c13c2b61646cc70617eb118ccb3fc19e995.tar.xz gitolite3-0ae57c13c2b61646cc70617eb118ccb3fc19e995.zip |
Adding debian version 3.6.12-1.debian/3.6.12-1debian
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'debian/NEWS')
-rw-r--r-- | debian/NEWS | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/debian/NEWS b/debian/NEWS new file mode 100644 index 0000000..bb14449 --- /dev/null +++ b/debian/NEWS @@ -0,0 +1,12 @@ +gitolite3 (3.5.3.1-1) unstable; urgency=medium + + * This release removes world+group read permissions from + ~gitolite3/repositories, and world+group read+execute permissions from + ~gitolite3/repositories/{gitolite-admin,testing}.git. This corrects a + local information leak present in (at least) version 3.5.2-1 (see + CVE-2013-7203). Note that if these repositories have been moved from + their standard locations, the adminstrator will have do their own + adjusting of permissions. + + -- David Bremner <bremner@debian.org> Fri, 03 Jan 2014 20:39:32 -0400 + |