# linux-f10-* vulnerabilities 8.4-STABLE



## DeliciousD (May 2, 2014)

While trying to install www/linux-f10-flashplayer11 from ports per the handbook instructions, installation has been stopped by the vulnerability database flagging textproc/linux-f10-expat (CVE-2009-3720) and graphics/linux-f10-png. The expat vulnerability seemed safe enough to override, but the linux-f10-png one indicates remote code execution is possible (CVE-2011-3048). I don't know if there are any other uncorrected vulnerabilities, but how is one supposed to get Flash working in one's browser in this situation?


----------



## fonz (May 2, 2014)

If you meant to ask how to ignore the portaudit checks: set the DISABLE_VULNERABILITIES environment variable.
*DISCLAIMER: YOU DO SO AT YOUR OWN RISK.*

If you meant to ask when it's going to be fixed, I'm sorry but I have absolutely no idea.

If you meant to ask whether there's another way (besides www/linux-f10-flashplayer11 that is) to get Flash working in your browser, I'm not sure. There are standalone Flash players and decent movie players can handle the format as well, but that's probably not what you're asking.


----------



## DeliciousD (May 2, 2014)

fonz said:
			
		

> If you meant to ask whether there's another way (besides www/linux-f10-flashplayer11 that is) to get Flash working in your browser, I'm not sure. There are standalone Flash players and decent movie players can handle the format as well, but that's probably not what you're asking.



Thanks for the tip. There seems to be a consensus that Flash will be dropped in favor of HTML5. In the meantime I guess I'll use my Mac when I can't get around the Flash constraint since I'd rather not install something that could compromise my system.


----------

