Could somebody kick a buildd to binNMU subversion 1.3.0-4 on i386 only? A well-known bug where we don't cleanse quite all the rpaths suddenly became a security issue because the last version uploaded on i386 was built in /tmp, so the two apache modules have built-in rpaths that would let an attacker inject code by putting it in a specific hierarchy under /tmp before apache2 is started / restarted.
The actual fix is to nuke the rpaths, and that's what I'll do next, but I'm not certain how long it will take to figure out how to do it properly. The interim fix would be a binNMU which is not built under a directory that will be world-readable on Debian systems. This is only needed on i386 because the other architectures auto-built it already, in their usual locations.
Thanks,
Peter
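An audit for the condition described in the message above, as an added example that is not part of the original mail or of the subversion packaging: it reads the RPATH/RUNPATH entries from `readelf -d` output and reports any search directory that sits under a location any local user can write to. The function names, the sample output and its paths are constructed for illustration, and only the world-writable bit is checked (group or owner permissions are assumed safe).

```python
import os
import re
import stat

# RPATH/RUNPATH lines as printed by `readelf -d <file>`.
_TAG_RE = re.compile(r"\((?:RPATH|RUNPATH)\)\s+Library (?:rpath|runpath): \[(.*)\]")

def rpath_dirs(readelf_output):
    """Return the search directories embedded in the dynamic section."""
    dirs = []
    for m in _TAG_RE.finditer(readelf_output):
        dirs.extend(m.group(1).split(":"))
    return dirs

def real_mode(path):
    """Mode bits of path, or None if it does not exist."""
    try:
        return os.stat(path).st_mode
    except OSError:
        return None

def plantable_at(directory, mode_of=real_mode):
    """Return the location where any local user could create or replace
    this search directory, or None if every component is protected."""
    if directory.startswith("$"):
        return None                    # $ORIGIN-style entries are not evaluated here
    if not directory.startswith("/"):
        return directory or "."        # empty/relative entry resolves against the cwd
    current = "/"
    for part in [p for p in directory.split("/") if p]:
        mode = mode_of(current)
        if mode is None:
            return None                # missing, but below protected parents
        if mode & stat.S_IWOTH:
            return current             # anyone may create the next component here
        current = os.path.join(current, part)
    mode = mode_of(current)
    return current if mode is not None and mode & stat.S_IWOTH else None

def audit(readelf_output, mode_of=real_mode):
    """Map each exposed rpath directory to the location that exposes it."""
    found = ((d, plantable_at(d, mode_of)) for d in rpath_dirs(readelf_output))
    return {d: where for d, where in found if where is not None}

# Constructed sample of `readelf -d` output; the paths are placeholders.
SAMPLE = """\
 0x0000000000000001 (NEEDED)   Shared library: [libexample.so.0]
 0x000000000000000f (RPATH)    Library rpath: [/tmp/build-example/lib/.libs:/usr/lib]
"""
```

On a real system, pass the text of `readelf -d` for each installed module to `audit()`; an empty result means no embedded search directory is exposed by the world-writable check.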