Diffstat (limited to 'debian/NEWS')
-rw-r--r-- debian/NEWS 12
1 files changed, 12 insertions, 0 deletions
diff --git a/debian/NEWS b/debian/NEWS
new file mode 100644
index 0000000..bb14449
--- /dev/null
+++ b/debian/NEWS
@@ -0,0 +1,12 @@
+gitolite3 (3.5.3.1-1) unstable; urgency=medium
+
+ * This release removes world+group read permissions from
+ ~gitolite3/repositories, and world+group read+execute permissions from
+ ~gitolite3/repositories/{gitolite-admin,testing}.git. This corrects a
+ local information leak present in (at least) version 3.5.2-1 (see
+ CVE-2013-7203). Note that if these repositories have been moved from
+ their standard locations, the adminstrator will have do their own
+ adjusting of permissions.
+
+ -- David Bremner <bremner@debian.org> Fri, 03 Jan 2014 20:39:32 -0400
+
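Review bot: The closing sentence of the entry ("Note that if these repositories have been moved from their standard locations ...") tells administrators to adjust permissions themselves but never states the modes the package now applies, so someone with relocated repositories has nothing concrete to copy. Suggest spelling out the resulting modes for ~gitolite3/repositories and for the gitolite-admin.git and testing.git directories, and saying whether other repositories under that directory are touched, since the entry only names those two. The same sentence has two slips worth fixing before upload: "adminstrator" should be "administrator", and "will have do" should be "will have to do". The hedge "(at least) version 3.5.2-1" could also be tightened to the known range of affected versions if that is available.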