On Wed, Jan 27, 2021 at 02:18:09PM +0100, Sebastian M. Ernst wrote:
Hi all,
quick question: I know Leap 15.1 has basically reached EOL, but CVE-2021-3156 looks IMHO severe enough to justify fixing it still.
Is this currently being considered by the community / SUSE (or has it been done and I simply overlooked it)?
I just ran the last / latest updates against a 15.1 system and it appears to be still vulnerable. I can built packages with the fix myself if needed, but an official update for this one could make a massive difference. I can only guess how many people are still behind (like me ...) with updating to 15.2.
The sudo update was released today for 15.1. My plan for 15.1 is to release the current Firefox and THunderbird updates announced yesterday, flush all pending updates out and then EOL 15.1. Ciao, Marcus