Date:      Sun, 13 Feb 2011 16:53:59 -0500
From:      Tom Uffner <tom@uffner.com>
To:        freebsd-ports@freebsd.org
Subject:   fixing the vulnerability in linux-f10-pango-1.22.3_1
Message-ID:  <4D5852F7.2010106@uffner.com>

Is there any point in trying to update linux-f10-pango to address this
vulnerability?

Affected package: linux-f10-pango-1.22.3_1
Type of problem: pango -- integer overflow.
Reference: <http://portaudit.FreeBSD.org/4b172278-3f46-11de-becb-001cc0377035.html>

I realize that I can install it w/ DISABLE_VULNERABILITIES. But I hate
having known exploits on my system & not installing it breaks flashplugin
and acroread (among others).

I've never tried to create or modify a linux emulation port before; so I'm
wondering just how annoying & tedious it's going to be?

It looks like there are no Fedora 10 RPMs of pango > 1.24 so it would
probably involve finding an F10 box and building one from source.

But would updating just Pango be possible? Or would it start the "RPM Hell"
avalanche and require me to re-roll all of my linux ports?

Is it time for a complete upgrade of our Linux ports to Fedora 14? Or some
other distro that is easier to track & update?

tom


