SUSE has issued an advisory on January 14: https://lists.suse.com/pipermail/sle-security-updates/2021-January/008200.html The actual CVEs are in the SUSE bug: https://bugzilla.suse.com/show_bug.cgi?id=1179908 The issues are fixed upstream in 2.1.3. Mageia 7 is also affected.
openSUSE has issued an advisory for this today (January 17): https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/5AAKYHQ4YQUHU54P5YEWAIU5PIP327GF/
Status comment: (none) => Fixed upstream in 2.1.3
Whiteboard: (none) => MGA7TOO
Hi, thanks for reporting this bug. As there is no maintainer for this package I added the committers in CC. (Please set the status to 'assigned' if you are working on it)
CC: (none) => jani.valimaa, joequant, mageia, ouaurelienAssignee: bugsquad => pkg-bugs
this is a little long to do. First is to package https://github.com/open-iscsi/open-isns as this is not bundled in anymore.
removed from mageia cauldron
Version: Cauldron => 7Whiteboard: MGA7TOO => (none)
https://blog.mageia.org/en/2021/06/08/mageia-7-will-reach-end-of-support-on-30th-of-june-the-king-is-dead-long-live-the-king/
Status: NEW => RESOLVEDResolution: (none) => OLD