There was a follow-up CVE because the fix introduced a UaF; see: https://bugzilla.opensuse.org/show_bug.cgi?id=1206547