Fedora has issued an advisory today (May 11): https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/GIZADV3AHTWZ2YKEFTVLNK3K4F4KTYLM/ I'm not sure if Mageia 8 is affected.
Status comment: (none) => Patch available from FedoraSee Also: (none) => https://bugs.mageia.org/show_bug.cgi?id=30366
Blender is nominally with daviddavid, but has been dealt with by other people for nearly a year, so assigning this globally.
CC: (none) => geiger.david68210Assignee: bugsquad => pkg-bugs
Debian-LTS has issued an advisory on June 28: https://www.debian.org/lts/security/2022/dla-3060 It fixes two new CVEs (fixed upstream in 2.83.19) and the one Fedora fixed (fixed upstream, but possibly not in the 2.83.x branch).
Summary: blender new security issue CVE-2022-0546 => blender new security issues CVE-2022-054[4-6]Whiteboard: (none) => MGA8TOOStatus comment: Patch available from Fedora => Patches available from Debian and Fedora
Debian has issued an advisory for this on July 4: https://www.debian.org/security/2022/dsa-5176
On cauldron we have the 3.3.6 release so it should be fixed!
Version: Cauldron => 8Whiteboard: MGA8TOO => (none)Source RPM: blender-2.93.7-2.mga9.src.rpm => blender-2.83.10-3.1.mga8.src.rpm
Mageia 8 EOL
CC: (none) => nicolas.salgueroStatus: NEW => RESOLVEDResolution: (none) => OLD