SUSE has issued an advisory today (January 13): https://lists.suse.com/pipermail/sle-security-updates/2021-January/008193.html The issue is fixed upstream in 17.25.4. Mageia 7 is also affected.
Whiteboard: (none) => MGA7TOOStatus comment: (none) => Fixed upstream in 17.25.4
Freeze push asked for cauldron.
Version: Cauldron => 7CC: (none) => mageiaWhiteboard: MGA7TOO => (none)
Version: 7 => CauldronWhiteboard: (none) => MGA7TOO
Re-reading the advisory, it looks like zypper needs updated to 1.14.41 too.
Status comment: Fixed upstream in 17.25.4 => Fixed upstream in libzypp 17.25.4 / zypper 1.14.41Source RPM: libzypp-17.20.0-6.mga8.src.rpm => libzypp-17.20.0-6.mga8.src.rpm, zypper-1.14.33-2.mga8.src.rpmSummary: libzypp new security issue CVE-2017-9271 => libzypp, zypper new security issue CVE-2017-9271
Done: in cauldron, Wed Jan 13, New version 1.14.42. Leaving this with NicolasL as already dealing with it. CC'ing cjw as the principle maintaner.
Assignee: bugsquad => mageiaCC: mageia => cjw
libzypp and zypper are now fixed in cauldron
Whiteboard: MGA7TOO => (none)Version: Cauldron => 7
openSUSE has issued an advisory for this on January 14: https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/FB5G3FIS4OQH3FX723SLMBOC4P37HKHV/
https://blog.mageia.org/en/2021/06/08/mageia-7-will-reach-end-of-support-on-30th-of-june-the-king-is-dead-long-live-the-king/
Resolution: (none) => OLDStatus: NEW => RESOLVED