Fedora has issued an advisory on March 21:
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/LF7ZNZRB7ZWDCS2NDR542KE56R7HWAON/

They don't link to any CVEs or RedHat bugs, but it says:
* Fix bug in AES encryption affecting certain file sizes
* Keep file permissions when modifying zip archives
* Support systems with small stack size.
* Add nullability annotations.

of which probably either the first or second might have been a security issue, so these may correspond to upstream commits that can be backported.
Status comment: (none) => Fixed upstream in 1.5.2
Assigning to all packagers collectively, since there is no registered maintainer for this package.
CC: (none) => geiger.david68210, marja11
Assignee: bugsquad => pkg-bugs
CC: (none) => lists.jjorge
Assignee: pkg-bugs => lists.jjorge
Well, it is very different code, with even the major changed. I think we should not try to cherry-pick fixes, as Fedora also made no fix for version 28.
Assignee: lists.jjorge => pkg-bugs
Mageia 6 EOL
Status: NEW => RESOLVED
CC: (none) => nicolas.salguero
Resolution: (none) => OLD