fixing the vulnerability in linux-f10-pango-1.22.3_1

Tom Uffner tom at
Sun Feb 13 22:05:18 UTC 2011

is there any point in trying to update linux-f10-pango to address this

Affected package: linux-f10-pango-1.22.3_1
Type of problem: pango -- integer overflow.

I realize that I can install it w/ DISABLE_VULNERABILITIES. but I hate
having known exploits on my system & not installing it breaks flashplugin
and acroread (among others).

I've never tried to create or modify a linux emulation port before; so I'm
wondering just how annoying & tedious it's going to be?

it looks like there are no Fedora 10 RPMs of pango > 1.24 so it would
probably involve finding an F10 box and building one from source.

But would updating just Pango be possible? Or would it start the "RPM Hell"
avalanche and require me to re-roll all of my linux ports?

Is it time for a complete upgrade of our Linux ports to Fedora 14? or some
other distro that is easier to track & update?


More information about the freebsd-ports mailing list