Upstream issued an advisory on November 14:
http://cxf.apache.org/security-advisories.data/CVE-2017-12624.txt.asc

The issue is fixed upstream in 3.1.14, and a link to the commit that fixed it is in the message above.

Mageia 6 is also affected.

We may also be affected by these older advisories that were fixed in versions after 3.1.6:
http://cxf.apache.org/security-advisories.data/CVE-2016-6812.txt.asc
http://cxf.apache.org/security-advisories.data/CVE-2016-8739.txt.asc
http://cxf.apache.org/security-advisories.data/CVE-2017-3156.txt.asc
http://cxf.apache.org/security-advisories.data/CVE-2017-5653.txt.asc
http://cxf.apache.org/security-advisories.data/CVE-2017-5656.txt.asc

As I recall, this package was dropped due to being unnecessary. I don't know why it was re-imported.
CC: (none) => geiger.david68210
Whiteboard: (none) => MGA6TOO
Status comment: (none) => Fixed upstream in 3.1.14, package should probably be dropped
Depends on: (none) => 23249
Whiteboard: MGA6TOO => MGA7TOO, MGA6TOO
Whiteboard: MGA7TOO, MGA6TOO => MGA7TOO
Package has been (mercifully) dropped from Cauldron.
Status comment: Fixed upstream in 3.1.14, package should probably be dropped => Fixed upstream in 3.1.14
Whiteboard: MGA7TOO => (none)
Version: Cauldron => 7
https://blog.mageia.org/en/2021/06/08/mageia-7-will-reach-end-of-support-on-30th-of-june-the-king-is-dead-long-live-the-king/
Resolution: (none) => OLD
Status: NEW => RESOLVED