quick question: I know Leap 15.1 has basically reached EOL, but
CVE-2021-3156 looks IMHO severe enough to justify fixing it still.
Is this currently being considered by the community / SUSE (or has it
been done and I simply overlooked it)?
I just ran the last / latest updates against a 15.1 system and it
appears to be still vulnerable. I can built packages with the fix myself
if needed, but an official update for this one could make a massive
difference. I can only guess how many people are still behind (like me
...) with updating to 15.2.