Update Git to 2.6.1
http://www.openwall.com/lists/oss-security/2015/10/06/1
Looks like 'recursive clone' over some untrusted protocols can cause code execution. I think this does not directly affect GitLab because we do our own protocol whitelisting when importing repositories, and SSH/HTTPS are safe. Also we do not do recursive clone to my knowledge.
Nevertheless I think it is a good idea to upgrade the bundled Git anyway.
cc @marin