While you wait for an update, you can still guix install icecat --with-source=freetype='mirror://savannah/freetype/freetype-2.13.1.tar.xz'
Note that I did not let the compilation finish, it may fail somewhere along the way, but I expect it to work. Cheers, Edouard. Richmond via <help-guix@gnu.org> writes: > OK thanks, as far as I can tell then, it has not been patched. > > > On 19/03/2025 10:16, Edouard Klein wrote: >> On my system >> >> guix refresh --list-transitive icecat | grep -Eo '[^ ]*freetype[^ ]*' >> >> yields >> >> freetype@2.13.0 >> >> Then guix edit freetype@2.13.0 >> >> allows me to see exactly where the source is fetched from, and its hash. >> >> The manual is: >> https://guix.gnu.org/manual/devel/en/guix.html#Invoking-guix-refresh >> >> but if you don't know what terms to look for, the feature is hard to >> find. I did not remember "transitive", and found it by looking for >> "--list-dependant" which I remembered. >> >> You may be interested in guix graph, also. >> >> Cheers, >> >> Edouard. >> >> via <help-guix@gnu.org> writes: >> >>> How do I know which version of libfreetype6 Icecat is using? My debian >>> system has been updated with a fix to the vulnerability. But Icecat, >>> being installed with guix, carries with it I think its own version of >>> this library, as it is not a dynamic executable. >>> >>> https://security-tracker.debian.org/tracker/CVE-2025-27363
