Gentoo has issued an advisory on May 12: https://lwn.net/Articles/973479/ The problem is fixed in version 0.10.1.
Status comment: (none) => Fixed upstream in 0.10.1
CVE: (none) => CVE-2023-31566, CVE-2023-31567
Source RPM: (none) => podofo-0.9.8-2.mga9.src.rpm
Cauldron has 0.10.1 0.10.2 0.10.3 (thanks to Stig), so this is for M9 - as it says! Unsure where to push it: globally; CC'ing Stig who did the Cauldron updates but not earlier M9 ones.
CC: (none) => smelror
Assignee: bugsquad => pkg-bugs
SUSE has issued an advisory on July 2: https://lwn.net/Articles/980540/
They fix CVE-2023-3156[6-8] as well as other security issues:
https://github.com/podofo/podofo/issues/66
https://github.com/podofo/podofo/issues/67
https://github.com/podofo/podofo/issues/69
https://github.com/podofo/podofo/issues/70 (CVE-2023-31566)
https://github.com/podofo/podofo/issues/71 (CVE-2023-31567)
https://github.com/podofo/podofo/issues/72 (CVE-2023-31568)
CVE: CVE-2023-31566, CVE-2023-31567 => CVE-2023-31566, CVE-2023-31567, CVE-2023-31568
Summary: podofo new security issues CVE-2023-3156[67] => podofo new security issues CVE-2023-3156[6-8]