Package: gitosis
Version: 0.2+20090917-11
Severity: important
Tags: security

After upgrading a system from lenny to squeeze, the post-update hook is a
dangling symbolic link:

# readlink ~gitosis/repositories/gitosis-admin.git/hooks/post-update 
/usr/share/python-support/gitosis/gitosis-0.2-py2.5.egg/gitosis/templates/admin/hooks/post-update
#

And the latter file of course no longer exists. The bad part about
this is that revoking permission via gitosis.conf does not have any
effect anymore, and this goes without any visible warning message in
syslog whatsoever. (This is what makes me add the security tag. If the
security team feels differently, I ask them to remove the tag.)

The intended link target now seems to be
/usr/share/pyshared/gitosis/templates/admin/hooks/post-update. Given
that the filename has not been that constant in the past, but its contents
have, I would suggest copying it rather than linking it.

Helmut
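
A check for the condition reported above, as an added example that is not part of the original report and not gitosis code: it classifies a hook path and lists dangling hook symlinks below a repository root. The function names and the fixture layout (a constructed temporary tree with a broken gitosis-admin.git hook) are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not gitosis code): audit hook symlinks below a repository root.

# hook_state PATH: print ok, dangling, missing or not-executable.
hook_state() {
    if [ -L "$1" ] && [ ! -e "$1" ]; then
        echo dangling            # symlink whose target is gone
    elif [ ! -e "$1" ]; then
        echo missing
    elif [ ! -x "$1" ]; then
        echo not-executable      # git skips hooks without the execute bit
    else
        echo ok
    fi
}

# audit_hooks ROOT: list every dangling hook symlink in ROOT/*.git/hooks.
# Returns 1 if at least one was found, 0 otherwise.
audit_hooks() {
    bad=0
    for hook in "$1"/*.git/hooks/*; do
        if [ "$(hook_state "$hook")" = dangling ]; then
            printf 'DANGLING %s -> %s\n' "$hook" "$(readlink "$hook")"
            bad=1
        fi
    done
    return "$bad"
}

# make_fixture: build a constructed sample tree and print its path.
# gitosis-admin.git gets a hook symlink to a target that does not exist,
# project.git gets a regular executable hook.
make_fixture() {
    dir=$(mktemp -d) || return 1
    mkdir -p "$dir/gitosis-admin.git/hooks" "$dir/project.git/hooks"
    ln -s "$dir/no-such-egg/post-update" "$dir/gitosis-admin.git/hooks/post-update"
    printf '#!/bin/sh\n' > "$dir/project.git/hooks/post-update"
    chmod +x "$dir/project.git/hooks/post-update"
    printf '%s\n' "$dir"
}
```

After sourcing the file, `audit_hooks ~gitosis/repositories` prints one line per dangling hook; its non-zero return status can feed a post-upgrade check or a cron alert.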


