SUSE has issued an advisory today (September 26): https://lists.suse.com/pipermail/sle-security-updates/2022-September/012382.html The issues are fixed upstream in 1.32 (1.33 was released today). Mageia 8 is also affected.
Equivalent openSUSE advisory: https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/4KYA7O77MLOZCR6FG5WEY5TZRITBLP2Y/
Status comment: (none) => Fixed upstream in 1.32Whiteboard: (none) => MGA8TOO
Debian-LTS has issued an advisory for most of these issues today (October 3): https://www.debian.org/lts/security/2022/dla-3132
Fedora has issued an advisory for this today (December 21): https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/KSPAJ5Y45A4ZDION2KN5RDWLHK4XKY2J/
Summary: snakeyaml new security issues CVE-2020-13936, CVE-2022-25857, CVE-2022-38749, CVE-2022-3875[0-2] => snakeyaml new security issues CVE-2020-13936, CVE-2022-25857, CVE-2022-38749, CVE-2022-3875[0-2], CVE-2022-41854
Ubuntu has issued an advisory for some of these issues on March 10: https://ubuntu.com/security/notices/USN-5944-1
Done for Cauldron, freeze_move requested!
CC: (none) => geiger.david68210
snakeyaml-1.32-1.mga9 moved.
Whiteboard: MGA8TOO => (none)Version: Cauldron => 8
Mageia 8 EOL
Resolution: (none) => OLDCC: (none) => nicolas.salgueroStatus: NEW => RESOLVED