I don’t know if manjaro has a dedicated security team, but I noticed that Arch updated to the non-vulnerable version on the 19th and Manjaro on the 20th in unstable and testing, but not in stable.
I understand the reasons for the cycles between the 3 branches, but hence my query, since that particular update is available and could be done.
Note that certain conditions need to exist - especially the second condition mentioned - for an attack to be succesful.
ssh-agent(1) in OpenSSH between and 5.5 and 9.3p1 (inclusive) remote code execution relating to PKCS#11 providers
The PKCS#11 support ssh-agent(1) could be abused to achieve remote code execution via a forwarded agent socket if the following conditions are met:
Exploitation requires the presence of specific libraries on the victim system.
Remote exploitation requires that the agent was forwarded to an attacker-controlled system.
This may suggest that gamers may fall prey to attacker if the attacker controls a popular game serving portal or similar which requires a ssh connection.
Likewise running illegally obtained cracked games could open the system for attack.