Quoting Jan Henrik Sylvester <m...@janh.de> (from Mon, 14 Feb 2011
10:35:05 +0100):
There is one more problem to solve:
http://lists.freebsd.org/pipermail/freebsd-emulation/2010-December/008264.html
That mail go unanswered (at least as far as the mailing list archive
goes). Probably, the procedure above would have to be put into a
shell script for a willing commiter to repeat. Every time this
vulnerability comes up at ports@ or emulation@, some commitor ask
for a (trusted) rpm to fix it. Thus, there might be one.
There was another person doing something similar too. I got a little
step-by-step guide how he did it. Currently (after two months without
time to have a look at it) I am downloading an F10 install image which
I want to feed to virtualbox to compile a fixed pango version. If
nothing urgent interferes, you can expect a commit in the not so
distant future (maybe not today, maybe not tomorrow, but maybe next
week).
For me, the real question is: Considering the age of Fedora 10 and
the time it has not been supported anymore, it is likely that there
are more vulnerabilities in our Linux-f10 framework that are not
documented in our vulnerability database. Does fixing the pango
vulnerability really make the Linux emulation save? (Is it worse the
it?)
Good question. Feel free to have a look at the RPMs from
linux_base-f10 and find out if there are unfixed vulnerabilities.
Bye,
Alexander.
--
Make it right before you make it faster.
http://www.Leidinger.net Alexander @ Leidinger.net: PGP ID = B0063FE7
http://www.FreeBSD.org netchild @ FreeBSD.org : PGP ID = 72077137
_______________________________________________
freebsd-ports@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-ports
To unsubscribe, send any mail to "freebsd-ports-unsubscr...@freebsd.org"
