Fedora has issued an advisory today (November 8): https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/E667ZUTXW46V6EUJTQQH5EQRFXF2EN4B/ The issue is fixed upstream in 28.2.0 (already in Cauldron).
openSUSE has issued an advisory for this today (November 20): https://lists.opensuse.org/opensuse-updates/2018-11/msg00096.html They also included libmatroska in the update.
As the tool has changed a lot, I'd prefer not push the latest version to MGA6 as an update.
Closing
Resolution: (none) => WONTFIXStatus: NEW => RESOLVED