fixing the vulnerability in linux-f10-pango-1.22.3_1
Alexander Leidinger
Alexander at Leidinger.net
Fri Feb 18 11:43:05 UTC 2011
Quoting Jan Henrik Sylvester <me at janh.de> (from Mon, 14 Feb 2011
10:35:05 +0100):
> There is one more problem to solve:
> http://lists.freebsd.org/pipermail/freebsd-emulation/2010-December/008264.html
>
> That mail went unanswered (at least as far as the mailing list archive
> goes). Probably, the procedure above would have to be put into a
> shell script for a willing committer to repeat. Every time this
> vulnerability comes up at ports@ or emulation@, some committer asks
> for a (trusted) rpm to fix it. Thus, there might be one.
There was another person doing something similar too. I got a little
step-by-step guide how he did it. Currently (after two months without
time to have a look at it) I am downloading an F10 install image which
I want to feed to virtualbox to compile a fixed pango version. If
nothing urgent interferes, you can expect a commit in the not so
distant future (maybe not today, maybe not tomorrow, but maybe next
week).
> For me, the real question is: Considering the age of Fedora 10 and
> the time it has not been supported anymore, it is likely that there
> are more vulnerabilities in our Linux-f10 framework that are not
> documented in our vulnerability database. Does fixing the pango
> vulnerability really make the Linux emulation safe? (Is it worth
> it?)
Good question. Feel free to have a look at the RPMs from
linux_base-f10 and find out if there are unfixed vulnerabilities.
Bye,
Alexander.
--
Make it right before you make it faster.
http://www.Leidinger.net Alexander @ Leidinger.net: PGP ID = B0063FE7
http://www.FreeBSD.org netchild @ FreeBSD.org : PGP ID = 72077137