SUSE has issued an advisory today (May 19): https://lists.suse.com/pipermail/sle-security-updates/2022-May/011095.html libbson (part of the mongo-c-driver SRPM) is also affected. Mageia 8 is also affected.
Whiteboard: (none) => MGA8TOO
yajl is a homeless package, so assigning this update globally for that. mongo-c-driver is done by Guillaume, so CC'ing you for that. But you might perhaps also do the yajl part?.
CC: (none) => guillomovitchAssignee: bugsquad => pkg-bugs
For yajl, cauldron is updated. In mageia 8, there is now: lib64yajl2-2.1.0-4.mga8 yajl-2.1.0-4.mga8 lib64yajl-devel-2.1.0-4.mga8 From the source: yajl-2.1.0-4.mga8.src.rpm
Assignee: pkg-bugs => qa-bugsVersion: Cauldron => 8CC: (none) => yves.brungard_mageiaWhiteboard: MGA8TOO => (none)
I see that mongo-c-driver is updated to 1.21.2 in cauldron but has not been touched in Mageia 8
Assigning back to papoteur, as mongo-c-driver has not been fixed yet.
Status comment: (none) => yajl patched, mongo-c-driver still needs to be patchedAssignee: qa-bugs => yves.brungard_mageia
RedHat has issued an advisory for this today (November 8): https://access.redhat.com/errata/RHSA-2022:7524
Depends on: (none) => 32072
Mageia 8 EOL
Resolution: (none) => OLDCC: (none) => nicolas.salgueroStatus: NEW => RESOLVED