Debian-LTS has issued an advisory on November 25:
Debian has a patch. From the CVE entry, it sounds like the version in Cauldron may be new enough to contain the fix.
Patched package uploaded for Mageia 5.
Updated perl-SOAP-Lite package fixes security vulnerability:
It was discovered that there was a "Billion Laughs"  XML expansion
vulnerability in SOAP::Lite (CVE-2015-8978).
Updated packages in core/updates_testing:
No previous updates for this.
Some applications using it:
chronicle looks the simplest; no man page nor /usr/share/ info, but:
$ chronicle -h
$ chronicle --manual
has good information. I tried it by creating a directory 'chronicle' with a few simple text files as prescribed; then
$ chronicle --input chronicle --output chronicle
and pointing a browser at file://localhost/home/lewis/chronicle/index.html showed the nice result. Alas, stracing it showed no calls to SOAP anything.
BEFORE update: perl-SOAP-Lite-1.110.0-4.mga5
AFTER clean update: perl-SOAP-Lite-1.110.0-4.1.mga5
FWIW chronicle result same before & after, but this is probably meaningless.
Better, I have just added this advisory (OK) which may have exercised it - see mga-advisories above.
OKing & validating.
An update for this issue has been pushed to the Mageia Updates repository.