Fedora has issued an advisory today (May 7): https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/BIGOY2HN5ESENKKD7CAJ6WXXTRPRN47Q/ The issues are fixed upstream in 3.1.5 (already in Cauldron).
CC: (none) => nicolas.salgueroStatus comment: (none) => Fixed upstream in 3.1.5
This package is formally with ghibo, but NicolasS has done most recent updates, so assigning to you; CC'ing Giuseppe in hope. 3.1.5 (already in Cauldron) - thanks to luigi.
CC: nicolas.salguero => ghibomgxAssignee: bugsquad => nicolas.salguero
Indeed you are problably referring to openxr, which is not the same as openexr (OpenEXR). Anyway this package has a long list of dependency so upgrading to 3.1.x would probably break and need to recompile other dep packages. I looked at the github site and seems there is a version 2.5.8 with latest commits to march 2022, but haven't checked whether those include the security fixes.
s/problably/probably/
Assignee: nicolas.salguero => pkg-bugs
Mageia 8 EOL
CC: (none) => nicolas.salgueroStatus: NEW => RESOLVEDResolution: (none) => OLD