Package: git Version: 1:1.7.8~rc2-1 Severity: important Tags: upstream fixed-upstream
Hi Gerrit and Anders, v1.7.8-rc3 fixes a security hole for installations that enable remote update-archive access (regression introduced by v1.7.8-rc1~12^2~1, upload-archive: use start_command instead of fork, 2011-10-24). [1] has details. Luckily sid is not affected. I have prepared an upload for experimental at git://git.debian.org/~jrnieder-guest/git.git debian-experimental (commit bd4c77e0, candidate+patches at b5a4997e). This is not too urgent because installing experimental git in a public-facing installation with --enable=upload-archive would be a little insane. Hopefully it can save you time. Sincerely, Jonathan [1] http://thread.gmane.org/gmane.comp.version-control.git/185489/focus=185491 -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
