
Bug#359234: binNMU request: subversion on i386 only



Could somebody kick a buildd to binNMU subversion 1.3.0-4 on i386 only?
A well-known bug where we don't cleanse quite all the rpaths suddenly
became a security issue because the last version uploaded on i386 was
built in /tmp, so the two apache modules have built-in rpaths that
would let an attacker inject code by putting it in a specific hierarchy
under /tmp before apache2 is started / restarted.

The actual fix is to nuke the rpaths, and that's what I'll do next, but
I'm not certain how long it will take to figure out how to do it
properly.  The interim fix would be a binNMU which is not built under a
directory that will be world-readable on Debian systems.  This is only
needed on i386 because the other architectures auto-built it already,
in their usual locations.

Thanks,
Peter
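
An added example, not part of the original message or of the Debian packaging: a check for the condition described above, flagging RPATH/RUNPATH components in `readelf -d` output that point below a directory any local user can write to. The directory list, the function names and the sample output are assumptions made for illustration.

```python
import os
import re
import subprocess
import sys

# Directories any local user can write to on a typical Debian system (assumed list).
WORLD_WRITABLE = ("/tmp", "/var/tmp", "/dev/shm")

# Matches the RPATH / RUNPATH lines printed by `readelf -d`.
ENTRY = re.compile(r"\((RPATH|RUNPATH)\)\s+Library (?:rpath|runpath): \[(.*)\]")


def risky_rpaths(readelf_output):
    """Return (tag, component, reason) for each unsafe search-path component."""
    findings = []
    for tag, value in ENTRY.findall(readelf_output):
        for comp in value.split(":"):
            if comp.startswith("$ORIGIN") or comp.startswith("${ORIGIN}"):
                continue  # resolved relative to the object itself
            if not comp.startswith("/"):
                findings.append((tag, comp, "empty or relative: resolved against the cwd"))
                continue
            norm = os.path.normpath(comp)
            if any(norm == d or norm.startswith(d + "/") for d in WORLD_WRITABLE):
                findings.append((tag, comp, "under a world-writable directory"))
    return findings


def audit(path):
    """Run readelf on one ELF file and return its risky components."""
    out = subprocess.run(["readelf", "-d", path], capture_output=True,
                         text=True, check=True).stdout
    return risky_rpaths(out)


# Constructed sample of `readelf -d` output; the build path is illustrative.
SAMPLE = """\
 0x00000001 (NEEDED)                     Shared library: [libsvn_repos-1.so.0]
 0x0000000f (RPATH)                      Library rpath: [/tmp/build/subversion/libsvn_repos/.libs:/usr/lib]
"""

if __name__ == "__main__":
    targets = sys.argv[1:]
    results = ({t: audit(t) for t in targets} if targets
               else {"<sample>": risky_rpaths(SAMPLE)})
    for name, found in results.items():
        for tag, comp, reason in found:
            print(f"{name}: {tag} {comp!r} {reason}")
```

Run with the paths of installed shared objects as arguments to audit them; with no arguments it reports on the constructed sample.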


