Debian-LTS has issued an advisory on August 4: https://www.debian.org/lts/security/2021/dla-2732 Mageia 8 is also affected.
Actually these issues were fixed upstream in 2.5.4, so we're not affected.
Status comment: (none) => Fixed upstream in 2.5.4Source RPM: openexr-2.5.7-1.mga8.src.rpm => openexr-2.3.0-2.4.mga7.src.rpmResolution: (none) => OLDStatus: NEW => RESOLVEDVersion: Cauldron => 7