Can somebody please explain to me why this fixed version isn’t released for everyone by now? Debian and Fedora got that update a couple days ago. Would love to understand what am I missing here.
It doesn’t appear to be an imminent threat. There are no reports of exploitation just yet, and it appears to also be uncertain whether it could indeed lead to remote code execution. Furthermore, the attack vector can be mitigated for now by simply avoiding MMS streams.