Package: gitolite Severity: normal Dear Maintainer,
Gitolite users should be aware, that some or all configured usernames show up in the debug output of any ssh client, depending on the position of the accessing user's forced command in the gitolite authorized_keys configuration. e.G. if the public key of user "foo" is at position 4 in the authorized keys file, he can see the configured usernames 1-4, when using "ssh -v gitolite@server". If his key is at the end of the authorized_keys file, he can obtain _all_ configured usernames. For Details and example, see the original openssh-server bug entry: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=657445 -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org