Those CVEs were announced here: https://www.openwall.com/lists/oss-security/2024/07/03/10 Mageia 9 is also affected.
Source RPM: (none) => p7zip-17.05-1.mga9.src.rpmWhiteboard: (none) => MGA9TOOCVE: (none) => CVE-2023-52168, CVE-2023-52169Status comment: (none) => Fixed in 7zip 24.01 beta
Not quite as obvious as it looks. https://github.com/p7zip-project/p7zip says v17.05 Latest Feb 20, 2023; but cites also 7zip whose homepage https://www.7-zip.org/ is entirely Windows, versions up to 24.07 2024/06/19. However, its download page https://www.7-zip.org/download.html includes 7-Zip 24.07 (2024-06-19): .tar.xz 64-bit Linux x86-64 7-Zip for Linux: console version .tar.xz 32-bit Linux x86 Assigning to DavidG who did earlier version updates.
Assignee: bugsquad => geiger.david68210