Fedora has issued an advisory today (February 15):
Mageia 8 is also affected.
Patch available from Fedora
pushed by papoteur in mga8:
Patch available from Fedora =>
I don't know how to test it.
This package is used by deluge, a bittorrent client.
MGA8-64 Plasma on Lenovo B50 in Dutch.
No installation issues.
Took hint from papoteur, put a trace on deluge and used this one to access a torrent download file from LibreOffice.org.
$ strace -o ptyhrencodetxt deluge
That worked OK and in the trace file I found multiple references to the python3-rencode files.
OK for me.
Advisory committed to svn as ...
subject: Updated python-rencode packages fix security vulnerability
The rencode package through 1.0.6 for Python allows an infinite loop in
typecode decoding (such as via ;\x2f\x7f), enabling a remote attack that
consumes CPU and memory. (CVE-2021-40839)
An update for this issue has been pushed to the Mageia Updates repository.
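
A direct regression check for the decode loop described in the advisory, as an added example that is not part of the original thread or of the rencode project: it calls `rencode.loads()` on the byte sequence quoted in the advisory inside a child process with a timeout and a memory cap, so an unpatched package cannot stall the test session. It assumes a Linux/POSIX host with python3-rencode installed; `probe`, `still_loops` and the limits are names and values chosen for this example.

```python
import resource
import subprocess
import sys

# Byte sequence quoted in the advisory text for CVE-2021-40839.
ADVISORY_INPUT = b";\x2f\x7f"
# rencode.loads() is the library's decode entry point; it runs in a child
# process so a runaway decode cannot take the test session down with it.
RENCODE_SNIPPET = f"import rencode; rencode.loads({ADVISORY_INPUT!r})"


def _cap_memory(limit_bytes):
    """Return a preexec hook that lowers the child's address-space soft limit."""
    def hook():
        _, hard = resource.getrlimit(resource.RLIMIT_AS)
        soft = limit_bytes if hard == resource.RLIM_INFINITY else min(limit_bytes, hard)
        resource.setrlimit(resource.RLIMIT_AS, (soft, hard))
    return hook


def probe(snippet, timeout=10.0, limit_bytes=1 << 30):
    """Run a Python snippet in a child process and classify how it ended."""
    try:
        proc = subprocess.run(
            [sys.executable, "-c", snippet],
            capture_output=True, text=True, timeout=timeout,
            preexec_fn=_cap_memory(limit_bytes),
        )
    except subprocess.TimeoutExpired:
        return "hang"  # still looping when the clock ran out
    if proc.returncode == 0:
        return "decoded"
    lines = proc.stderr.strip().splitlines()
    # Last traceback line looks like "ValueError: message"; keep the class name.
    exc = lines[-1].split(":", 1)[0] if lines else "unknown"
    return "memory" if exc == "MemoryError" else f"error:{exc}"


def still_loops(result):
    """True when the child spun or exhausted memory instead of returning."""
    return result in ("hang", "memory")


if __name__ == "__main__":
    outcome = probe(RENCODE_SNIPPET)
    print("rencode.loads(advisory input) ->", outcome)
    print("infinite loop present" if still_loops(outcome) else "no runaway decode observed")
```

An outcome of `error:ModuleNotFoundError` means the package is not installed for the interpreter running the check, so nothing was tested.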