summaryrefslogtreecommitdiffstats
path: root/debian/NEWS
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-27 09:55:51 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-27 09:55:51 +0000
commit0ae57c13c2b61646cc70617eb118ccb3fc19e995 (patch)
tree3760e33eb72a4955ffa88d9cfa60579bab714dd6 /debian/NEWS
parentAdding upstream version 3.6.12. (diff)
downloadgitolite3-0ae57c13c2b61646cc70617eb118ccb3fc19e995.tar.xz
gitolite3-0ae57c13c2b61646cc70617eb118ccb3fc19e995.zip
Adding debian version 3.6.12-1.debian/3.6.12-1debian
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'debian/NEWS')
-rw-r--r--debian/NEWS12
1 files changed, 12 insertions, 0 deletions
diff --git a/debian/NEWS b/debian/NEWS
new file mode 100644
index 0000000..bb14449
--- /dev/null
+++ b/debian/NEWS
@@ -0,0 +1,12 @@
+gitolite3 (3.5.3.1-1) unstable; urgency=medium
+
+ * This release removes world+group read permissions from
+ ~gitolite3/repositories, and world+group read+execute permissions from
+ ~gitolite3/repositories/{gitolite-admin,testing}.git. This corrects a
+ local information leak present in (at least) version 3.5.2-1 (see
+ CVE-2013-7203). Note that if these repositories have been moved from
+ their standard locations, the adminstrator will have do their own
+ adjusting of permissions.
+
+ -- David Bremner <bremner@debian.org> Fri, 03 Jan 2014 20:39:32 -0400
+