linux-f10-pango -- integer overflow

D

drp

I'm wondering if it's safe to use DISABLE_VULNERABILITIES="yes" when installing linux-f10-pango, to bypass the integer overflow vulnerability. I want to install the Flash plugin, and this is the only thing keeping me from doing it. When I try to install www/nspluginwrapper, it stops because of the integer overflow vulnerability in linux-f10-pango. Is it safe to do this, or is it something I should definitely just accept and wait for an update to linux-f10-pango?
 
That update will probably never come, because linux-f10 isn't developed anymore, IIRC. I've seen no issues with this specific port, and I've been running it for many months.
 
Well, I did it and it's working fine now... I don't feel comfortable with just installing software with vulnerabilities, but it's the only way I see to get it working.
 
I haven't bothered with flash in almost a year now, but you can try hack the port dependencies and see if you can get flash working with a different pango library that isn't vulnerable. If there's a solution that isn't too hacky the port maintainer might even add it upstream.

Oh HTML5, when shall thee be a widespread reality.
 
drp said:
I'm wondering if it's safe to use DISABLE_VULNERABILITIES="yes" when installing linux-f10-pango, to bypass the integer overflow vulnerability. I want to install the Flash plugin, and this is the only thing keeping me from doing it. When I try to install www/nspluginwrapper, it stops because of the integer overflow vulnerability in linux-f10-pango. Is it safe to do this, or is it something I should definitely just accept and wait for an update to linux-f10-pango?
Click to expand...

Maybe it's not perfect to install software with vulnerabilities but it's the best way to make the system work :stud
 
You must log in or register to reply here.
Back
Top