fixing the vulnerability in linux-f10-pango-1.22.3_1

Tom Uffner tom at uffner.com
Sun Feb 13 22:05:18 UTC 2011


Is there any point in trying to update linux-f10-pango to address this
vulnerability?

Affected package: linux-f10-pango-1.22.3_1
Type of problem: pango -- integer overflow.
Reference: <http://portaudit.FreeBSD.org/4b172278-3f46-11de-becb-001cc0377035.html>

I realize that I can install it w/ DISABLE_VULNERABILITIES, but I hate
having known exploits on my system & not installing it breaks flashplugin
and acroread (among others).

I've never tried to create or modify a Linux emulation port before; so I'm
wondering just how annoying & tedious it's going to be?

It looks like there are no Fedora 10 RPMs of pango > 1.24 so it would
probably involve finding an F10 box and building one from source.

But would updating just Pango be possible? Or would it start the "RPM Hell"
avalanche and require me to re-roll all of my linux ports?

Is it time for a complete upgrade of our Linux ports to Fedora 14? Or some
other distro that is easier to track & update?

tom

