fixing the vulnerability in linux-f10-pango-1.22.3_1

Alexander Leidinger Alexander at
Fri Feb 18 11:43:05 UTC 2011

Quoting Jan Henrik Sylvester <me at> (from Mon, 14 Feb 2011  
10:35:05 +0100):

> There is one more problem to solve:  
> That mail go unanswered (at least as far as the mailing list archive  
> goes). Probably, the procedure above would have to be put into a  
> shell script for a willing commiter to repeat. Every time this  
> vulnerability comes up at ports@ or emulation@, some commitor ask  
> for a (trusted) rpm to fix it. Thus, there might be one.

There was another person doing something similar too. I got a little  
step-by-step guide how he did it. Currently (after two months without  
time to have a look at it) I am downloading an F10 install image which  
I want to feed to virtualbox to compile a fixed pango version. If  
nothing urgent interferes, you can expect a commit in the not so  
distant future (maybe not today, maybe not tomorrow, but maybe next  

> For me, the real question is: Considering the age of Fedora 10 and  
> the time it has not been supported anymore, it is likely that there  
> are more vulnerabilities in our Linux-f10 framework that are not  
> documented in our vulnerability database. Does fixing the pango  
> vulnerability really make the Linux emulation save? (Is it worse the  
> it?)

Good question. Feel free to have a look at the RPMs from  
linux_base-f10 and find out if there are unfixed vulnerabilities.


Make it right before you make it faster.    Alexander @ PGP ID = B0063FE7       netchild @  : PGP ID = 72077137

More information about the freebsd-ports mailing list