Bug#359234: binNMU request: subversion on i386 only

Peter Samuelson peter at p12n.org
Tue Mar 28 03:21:14 UTC 2006


Could somebody kick a buildd to binNMU subversion 1.3.0-4 on i386 only?
A well-known bug where we don't cleanse quite all the rpaths suddenly
became a security issue because the last version uploaded on i386 was
built in /tmp, so the two apache modules have built-in rpaths that
would let an attacker inject code by putting it in a specific hierarchy
under /tmp before apache2 is started / restarted.

The actual fix is to nuke the rpaths, and that's what I'll do next, but
I'm not certain how long it will take to figure out how to do it
properly.  The interim fix would be a binNMU which is not built under a
directory that will be world-readable on Debian systems.  This is only
needed on i386 because the other architectures auto-built it already,
in their usual locations.

Thanks,
Peter
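
Added example, not part of the original message or of the Debian packaging: a check that reads `readelf -d` output for a built module and reports DT_RPATH / DT_RUNPATH components that point into a directory any local user can write to, which is the condition described above. The function names, the WORLD_WRITABLE list and the sample path are assumptions made for illustration; the sample output is constructed.

```python
import posixpath
import re
import subprocess
import sys

# DT_RPATH / DT_RUNPATH lines as printed by `readelf -d`
RPATH_LINE = re.compile(r"\((RPATH|RUNPATH)\)\s+Library (?:rpath|runpath): \[([^\]]*)\]")

# Assumed list of directories any local user can create files in
WORLD_WRITABLE = ("/tmp", "/var/tmp", "/dev/shm")

# Constructed sample (not taken from the real package): a module built under /tmp
SAMPLE = """\
 0x0000000000000001 (NEEDED)             Shared library: [libsvn_subr-1.so.0]
 0x000000000000000f (RPATH)              Library rpath: [/tmp/build-example/subversion/libsvn_subr/.libs:/usr/lib]
"""

def is_risky(directory):
    """True if the loader would search a location an unprivileged user controls."""
    if directory.startswith(("$ORIGIN", "${ORIGIN}")):
        return False  # resolved relative to the object itself, not flagged here
    if not directory.startswith("/"):
        return True   # empty or relative entry: resolved against the current directory
    path = posixpath.normpath("/" + directory.lstrip("/"))
    return any(path == w or path.startswith(w + "/") for w in WORLD_WRITABLE)

def risky_rpaths(readelf_output):
    """Return (tag, directory) for every risky rpath/runpath component."""
    return [(tag, d)
            for tag, value in RPATH_LINE.findall(readelf_output)
            for d in value.split(":")
            if is_risky(d)]

def main(paths):
    status = 0
    for path in paths:
        out = subprocess.run(["readelf", "-d", path], capture_output=True, text=True).stdout
        for tag, d in risky_rpaths(out):
            print(f"{path}: {tag} entry {d!r} is not a trusted library location")
            status = 1
    return status

if __name__ == "__main__":
    if len(sys.argv) > 1:
        sys.exit(main(sys.argv[1:]))   # check the ELF files named on the command line
    print(risky_rpaths(SAMPLE))        # no arguments: run on the constructed sample
```

Run against the shared objects in a package's staging tree before upload; a non-zero exit status means at least one module still carries a build-directory rpath.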