Re: Updating linux-pango
Gerard ges...@yahoo.com writes: Affected package: linux-pango-1.10.2_3 Type of problem: pango -- integer overflow. Reference: http://www.FreeBSD.org/ports/portaudit/4b172278-3f46-11de-becb-001cc0377035.html This problem has existed for awhile now. Unless: DISABLE_VULNERABILITIES=yes is used, linux-pango and any port that depends on it will refuse to build. Is there any information on when this problem will be resolved? I really do not like intentionally installing a program with a potential security problem; however, in this case I have no choice. Usually a search at archieves of FreeBSD maillists may be helpful: http://lists.freebsd.org/pipermail/freebsd-questions/2009-June/200565.html WBR -- bsam ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Updating linux-pango
On Wed, 17 Jun 2009 21:11:51 +0400 Boris Samorodov b...@ipt.ru wrote: Gerard ges...@yahoo.com writes: Affected package: linux-pango-1.10.2_3 Type of problem: pango -- integer overflow. Reference: http://www.FreeBSD.org/ports/portaudit/4b172278-3f46-11de-becb-001cc0377035.html This problem has existed for awhile now. Unless: DISABLE_VULNERABILITIES=yes is used, linux-pango and any port that depends on it will refuse to build. Is there any information on when this problem will be resolved? I really do not like intentionally installing a program with a potential security problem; however, in this case I have no choice. Usually a search at archieves of FreeBSD maillists may be helpful: http://lists.freebsd.org/pipermail/freebsd-questions/2009-June/200565.html WBR That does not supply an answer. -- Jerry ges...@yahoo.com What I want is all of the power and none of the responsibility. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Updating linux-pango
On Wednesday 17 June 2009 11:53:59 Jerry wrote: That does not supply an answer. And that was a lot of quoting for a post that only shows you are running in pedantic mode. But let me clarify for the joyful moment that the next poor soul bitten by this issue searches the list archive: - there is no available upgrade from upstream - port maintainer does not have the time/resources to repack the rpm without the vulnerability - if/when an rpm has been found that is not vulnerable, the port will be updated. - the time frame for the above ranges from the near to the infinite future. - users are encouraged to use their covert channels into the penguin world to inquire about fc4 compatible non-vulnerable rpm's for the pango software and relay this information to the hard working port maintainer if such has been located. -- Mel ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org