
Re: libcairo2 and gimp 2.2.6



On 07/23/2006 08:01 AM, Florian Kulzer wrote:

Regarding the libcairo2 problem: You are right, it is not
available in Sarge. (I did not really check before.) It is
also not possible to just install the version from testing
since they require a different version of libc6. I
downloaded gimp 2.2.6-1sarge1 and checked it with ldd: It
also links against libcairo.so.2. So it seems that we have
a bug here, probably introduced when the maintainer
recompiled the gimp package after incorporating the
security fix. You should file a bug report against gimp. It
is very easy if you use the package "reportbug" which will
automatically include the relevant information about your
system. Give it a title like "2.2.6-1sarge1 links against
libraries from testing" and include the output of "ldd
$(which gimp) | grep 'not found'" in the bug report. The
maintainer can probably fix it quickly.

If you need to work with gimp in the meantime then you can
downgrade to an older version which is most likely still in
your package cache. Just do not open any .xcf files from
untrusted sources since the older version is vulnerable to
the buffer overflow exploit.


I just started reading this thread, so I hope I'm not asking
anyone to rehash a lot of the discussion.

I'm using Sarge, and I recently upgraded my gimp to
2.2.6-1sarge1 per the security recommendation. I used
"aptitude --download-only upgrade" followed later by "aptitude
upgrade."

The upgrade went through without any problems, and I'm able to
launch gimp normally. When I do 'ldd `which gimp`' I don't see
any reference to libcairo2. My sources.list only contains
Sarge repositories, and I haven't done any apt-pinning.

My current gimp and gimp-data packages were automatically
downloaded from security.debian.org by aptitude. Gimp works
here and is not dependent upon libcairo2 here.



