Date:      Fri, 18 Feb 2011 12:17:15 +0100
From:      Alexander Leidinger <Alexander@Leidinger.net>
To:        Jan Henrik Sylvester <me@janh.de>
Cc:        ports-list freebsd <freebsd-ports@freebsd.org>, Matthias Andree <matthias.andree@gmx.de>, Tony Sim <y2s1982@gmail.com>, Tom Uffner <tom@uffner.com>
Subject:   Re: fixing the vulnerability in linux-f10-pango-1.22.3_1
Message-ID:  <20110218121715.11893hzn937sgksg@webmail.leidinger.net>
In-Reply-To: <4D58F749.1000106@janh.de>
References:  <4D5852F7.2010106@uffner.com> <4D5880EF.4020002@gmx.de> <4D58F749.1000106@janh.de>

Quoting Jan Henrik Sylvester <me@janh.de> (from Mon, 14 Feb 2011  
10:35:05 +0100):

> There is one more problem to solve:  
> http://lists.freebsd.org/pipermail/freebsd-emulation/2010-December/008264.html
>
> That mail went unanswered (at least as far as the mailing list archive  
> goes). Probably, the procedure above would have to be put into a  
> shell script for a willing committer to repeat. Every time this  
> vulnerability comes up at ports@ or emulation@, some committer asks  
> for a (trusted) rpm to fix it. Thus, there might be one.

There was another person doing something similar too. I got a little  
step-by-step guide on how he did it. Currently (after two months without  
time to have a look at it) I am downloading an F10 install image which  
I want to feed to VirtualBox to compile a fixed pango version. If  
nothing urgent interferes, you can expect a commit in the not so  
distant future (maybe not today, maybe not tomorrow, but maybe next  
week).

> For me, the real question is: Considering the age of Fedora 10 and  
> the time it has not been supported anymore, it is likely that there  
> are more vulnerabilities in our Linux-f10 framework that are not  
> documented in our vulnerability database. Does fixing the pango  
> vulnerability really make the Linux emulation safe? (Is it worth  
> it?)

Good question. Feel free to have a look at the RPMs from  
linux_base-f10 and find out if there are unfixed vulnerabilities.

Bye,
Alexander.

-- 
Make it right before you make it faster.

http://www.Leidinger.net    Alexander @ Leidinger.net: PGP ID = B0063FE7
http://www.FreeBSD.org       netchild @ FreeBSD.org  : PGP ID = 72077137


