openSUSE has issued an advisory on June 3: https://lists.opensuse.org/opensuse-updates/2019-06/msg00011.html I've found info saying it was never addressed upstream, but Ubuntu's info page had a link to an upstream commit, and SUSE said some fix had been backported. RH/Fedora had said it wasn't affected because of a config option that I don't see in Fedora's current package (and we don't have our own local config like they do), so I'm not sure if it affects us (still) or not.
Assigning to wally as the registered maintainer for this package.
Assignee: bugsquad => jani.valimaa
IINM this was fixed in 1.12.0 and backported later to 1.10.14. In mga7 we have 1.18.2.
Thanks.
Resolution: (none) => INVALIDStatus: NEW => RESOLVED