# linux-f10-pango -- integer overflow



## drp (Jul 30, 2010)

I'm wondering if it's safe to use DISABLE_VULNERABILITIES="yes" when installing linux-f10-pango, to bypass the integer overflow vulnerability. I want to install the Flash plugin, and this is the only thing keeping me from doing it. When I try to install www/nspluginwrapper, it stops because of the integer overflow vulnerability in linux-f10-pango. Is it safe to do this, or is it something I should definitely just accept and wait for an update to linux-f10-pango?


----------



## DutchDaemon (Jul 30, 2010)

That update will probably never come, because linux-f10 isn't developed anymore, IIRC. I've seen no issues with this specific port, and I've been running it for many months.


----------



## drp (Jul 30, 2010)

Well, I did it and it's working fine now... I don't feel comfortable with just installing software with vulnerabilities, but it's the only way I see to get it working.


----------



## aragon (Jul 31, 2010)

I haven't bothered with flash in almost a year now, but you can try hack the port dependencies and see if you can get flash working with a different pango library that isn't vulnerable.  If there's a solution that isn't too hacky the port maintainer might even add it upstream.

Oh HTML5, when shall thee be a widespread reality.


----------



## phoenix (Feb 25, 2011)

DutchDaemon said:
			
		

> That update will probably never come, because linux-f10 isn't developed anymore, IIRC. I've seen no issues with this specific port, and I've been running it for many months.



A new version of the x11-toolkits/linux-f10-pango port has hit the tree.


----------



## DutchDaemon (Feb 25, 2011)

Yes, I just saw it, right after hell froze over


----------



## Johny8 (Aug 8, 2011)

drp said:
			
		

> I'm wondering if it's safe to use DISABLE_VULNERABILITIES="yes" when installing linux-f10-pango, to bypass the integer overflow vulnerability. I want to install the Flash plugin, and this is the only thing keeping me from doing it. When I try to install www/nspluginwrapper, it stops because of the integer overflow vulnerability in linux-f10-pango. Is it safe to do this, or is it something I should definitely just accept and wait for an update to linux-f10-pango?



Maybe it's not perfect to install software with vulnerabilities but it's the best way to make the system work :stud


----------

