Ubuntu has issued an advisory today (April 9): https://usn.ubuntu.com/3622-1/ The CVE was originally for libXcursor, which was fixed in Bug 22102. Mageia 5 and Mageia 6 are also affected.
Whiteboard: (none) => MGA6TOO
Assigning to the registered maintainer.
Assignee: bugsquad => mageiaCC: (none) => marja11
Status comment: (none) => Patch available from Ubuntu
Fix was included in 1.16.0 upstream, which was uploaded to Cauldron by tv.
Whiteboard: MGA6TOO => (none)CC: (none) => thierry.vignaudVersion: Cauldron => 6
It turns out I already fixed this a year ago. *** This bug has been marked as a duplicate of bug 22241 ***
Resolution: (none) => DUPLICATEStatus: NEW => RESOLVED