A security issue fixed upstream in oniguruma has been announced on September 30:
The commit that fixed the issue is linked in the message above.
Mageia 7 is also affected.
Fedora has issued an advisory for this on October 6:
Debian-LTS has issued an advisory for this today (November 5):
Done for both Cauldron and mga7!
Updated oniguruma packages fix security vulnerability:
In Oniguruma, an attacker able to supply a regular expression for compilation
may be able to overflow a buffer by one byte in concat_opt_exact_str in
Updated packages in core/updates_testing:
Installed the update and looked at previous bugs 25843 and 24338, that is stuff out of my league.
Cann't say no more than that it does not harm my system.