Fedora has issued advisories on April 19: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/G5W6FZ3SHSGCXUFGRQIKZ564GENLQWFW/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/MJ5Q7NNUPXATTBUKHFKIYYAV5GJDYCZL/ The issue is fixed upstream in cimg 2.9.3.
CC: (none) => geiger.david68210, nicolas.salgueroStatus comment: (none) => Fixed upstream in 2.9.3
Cauldron is at 2.9.7; DavidG already did the commit for this CVE long ago. Nov 24 2020 : new version: 2.9.3, fixes CVE-2020-25693 (mga#27651, bug 27651) Has this already gone out? Yes. In fact this bug looks like a duplicate of 27651. If you agree, David, please close it appropriately. In the circumstances, I hesitate in case I have it wrong.
Assignee: bugsquad => geiger.david68210CC: geiger.david68210 => (none)
Yep. *** This bug has been marked as a duplicate of bug 27651 ***
Resolution: (none) => DUPLICATEStatus: NEW => RESOLVED