Fedora has issued an advisory today (January 29): https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/E4CXZWUOZELT7A5ZN6DJRQHX7L35V4PW/ The issue is fixed upstream in 23.2.2 (Fedora updated to 23.2.3). Mageia 7 may also be affected.
Whiteboard: (none) => MGA7TOO
Status comment: (none) => Fixed upstream in 23.2.2
fixed in mga8
Version: Cauldron => 7
CC: (none) => mageia
Whiteboard: MGA7TOO => (none)
Patched in erlang-23.2.1-3.mga8.
mga7 is not affected.
Resolution: (none) => INVALID
Status: NEW => RESOLVED
(In reply to Nicolas Lécureuil from comment #3)
> mga7 is not affected.

Based on what? If it's really not affected, we should reset the version to Cauldron and close as FIXED.
Status: RESOLVED => REOPENED
Resolution: INVALID => (none)
Based on research I did :-) The CVE has been introduced by commit https://github.com/erlang/otp/commit/d24a220c3b867caef83026ba31d2656366da4322 and we do not have this commit in mga7.
Cf.: https://security-tracker.debian.org/tracker/CVE-2020-35733
Status: REOPENED => RESOLVED
Version: 7 => Cauldron
Resolution: (none) => FIXED