Security issues found in RPM were announced on May 4:
https://www.openwall.com/lists/oss-security/2021/05/04/2
One of these is CVE-2021-20271:
https://bugzilla.redhat.com/show_bug.cgi?id=1934125
I'm not sure about the other one. Mageia 7 and Mageia 8 are also affected.
Whiteboard: (none) => MGA8TOO, MGA7TOO
Fedora issued an advisory for this on March 30:
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/VHRPNBCRPDJHHQE3MBPSZK4H7X2IM7AC/
I believe these are fixed in 4.16.1.3.
Whiteboard: MGA8TOO, MGA7TOO => MGA7TOO
Summary: rpm new security issues (include CVE-2021-20271) => rpm new security issues (including CVE-2021-3421, CVE-2021-20266, and CVE-2021-20271)
Status comment: (none) => Fixed upstream in 4.16.1.3
Source RPM: rpm-4.16.1.3-3.mga9.src.rpm => rpm-4.16.1.2-1.mga8.src.rpm
Version: Cauldron => 8
Removing Mageia 7 from whiteboard due to EOL: https://blog.mageia.org/en/2021/06/08/mageia-7-will-reach-end-of-support-on-30th-of-june-the-king-is-dead-long-live-the-king/
Whiteboard: MGA7TOO => (none)
We're covered by https://advisories.mageia.org/MGASA-2021-0167.html then
*** This bug has been marked as a duplicate of bug 28674 ***
Status: NEW => RESOLVED
Resolution: (none) => DUPLICATE
(unless you want to push an empty advisory?) (the details are in https://rpm.org/wiki/Releases/4.16.1.3)