From: Tom Uffner
Date: Sun, 13 Feb 2011 16:53:59 -0500
To: freebsd-ports@freebsd.org
Subject: fixing the vulnerability in linux-f10-pango-1.22.3_1
Message-ID: <4D5852F7.2010106@uffner.com>
List-Id: Porting software to FreeBSD

Is there any point in trying to update linux-f10-pango to address this vulnerability?

Affected package: linux-f10-pango-1.22.3_1
Type of problem: pango -- integer overflow.
Reference:

I realize that I can install it w/ DISABLE_VULNERABILITIES, but I hate having known exploits on my system & not installing it breaks flashplugin and acroread (among others).

I've never tried to create or modify a Linux emulation port before, so I'm wondering just how annoying & tedious it's going to be?

It looks like there are no Fedora 10 RPMs of pango > 1.24, so it would probably involve finding an F10 box and building one from source. But would updating just Pango be possible? Or would it start the "RPM Hell" avalanche and require me to re-roll all of my Linux ports?

Is it time for a complete upgrade of our Linux ports to Fedora 14? Or some other distro that is easier to track & update?

tom