freeimage 3.18.0 has multiple unfixed vulnerabilities

Description:

Among others, freeimage 3.18.0 is susceptible to the following vulnerabilities:

• CVE-2023-47992
• CVE-2023-47993
• CVE-2023-47994
• CVE-2023-47995
• CVE-2023-47996

Additional info:

NixOS decided to mark freeimage as unfixably vulnerable, and decided to remove most packages that have a hard dependency on it: https://github.com/NixOS/nixpkgs/pull/280835

added priority3-normal severity4-low statusunconfirmed labels

assigned to @freswa, @toolybird, and @gromit

added scopesecurity statusconfirmed labels and removed statusunconfirmed label

assigned to @svenstaro, @foxboron, @anthraxx, @shibumi, @sangy, @rgacogne, and @denisse and unassigned @freswa, @toolybird, and @gromit

Good call. I started a todo list here: https://archlinux.org/todo/drop-freeimage/. We'll work through that and hopefully no package really needs freeimage at this point.

mentioned in commit forge@9ebfc1e6

mentioned in commit ogre@b7f86a40

mentioned in commit ogre-next@402f905d

mentioned in commit arrayfire@5297ad0b

mentioned in commit opencascade@d2cd1ad4

mentioned in issue imv#3 (closed)

@felixonmars any progress on your packages?

Most of them have patches available now. I'll try to integrate them soon.

Friendly ping

Fixed deepin-image-editor already. Still working on the others x)