openSUSE has issued an advisory today (March 3):
Mageia 8 is also affected.
Patches available from upstream and openSUSE
The updated packages fix a security vulnerability:
Double-free vulnerability in contrib/shpsort.c. (CVE-2022-0699)
Updated packages in core/updates_testing:
Patches available from upstream and openSUSE =>
AFAIK from the XML documentation, shapelib is a developers tool to overcome the rectangular bias of Xlib; i.e. to provide curves and circles, shadows and other things.
whatrequires lists gnudl, gpsbabel, marble, and roadmap as needing the shp2 library but before updating an strace of marble did not indicate that shp2 was involved in running it. Might depend on circumstances.
Updated the three packages and tried marble again, Earth view - open street map and atlas. Toured Apollo sites on the moon. The trace did not indicate any direct use of the lib64shp2 library. Tried the open street map view in marble and printed out a map of a section of Copenhagen. Still nothing in the trace. However, marble is definitely working without regressions.
plplot might be a better bet but don't know how to use it. roadmap probably needs a GPS device - none available.
Leaving this as it stands. Inclined to assign OK but maybe somebody else would like a shot?
Validating. Advisory in Comment 1.
An update for this issue has been pushed to the Mageia Updates repository.