gitolite3 (3.5.3.1-1) unstable; urgency=medium * This release removes world+group read permissions from ~gitolite3/repositories, and world+group read+execute permissions from ~gitolite3/repositories/{gitolite-admin,testing}.git. This corrects a local information leak present in (at least) version 3.5.2-1 (see CVE-2013-7203). Note that if these repositories have been moved from their standard locations, the adminstrator will have do their own adjusting of permissions. -- David Bremner Fri, 03 Jan 2014 20:39:32 -0400