More information about this security flaw is available in the following bug: https://bugzilla.redhat.com/show_bug.cgi?id=2346987 Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
In my opinion, the fix for this CVE can’t be backported as a patch with high confidence and a reasonable amount of effort. The fix https://github.com/abseil/abseil-cpp/commit/5a0e2cb5e3958dd90bb8569a2766622cb74d90c1 is not especially self-contained, and the code to which it applies has changed quite a bit since the version 20211102.0 that is packaged in EPEL9. Updating to a newer release would be an ABI-breaking update requireing https://docs.fedoraproject.org/en-US/epel/epel-policy-incompatible-upgrades/#process_for_incompatible_upgrades and could be disruptive to the packages that depend on abseil-cpp in EPEL9: bloaty, fastnetmon, grpc, ilbc, libarrow, and mozc. It might be possible to do something about this if someone is determined enough, but I won’t be that person.
This package has changed maintainer in Fedora. Reassigning to the new maintainer of this component.