Look here, builds are in progress for 5 hours or so: https://koji.fedoraproject.org/koji/packageinfo?packageID=280
It looks like they are stuck building on s390x architecture. On Wed, May 06, 2026 at 06:21:16PM +0200, Marius Schwarz wrote: > > Hi, > > the necessary updates are not to be found in bodhi, i assume someone missed > the > info: > > > [1]https://thehackernews.com/2026/05/critical-apache-http2-flaw-cve-2026.html > > CVE-2026-23918 is a double-free in Apache httpd 2.4.66 [2]mod_http2, > specifically in the stream cleanup path of h2_mplx.c. The bug triggers when a > client sends an HTTP/2 HEADERS frame immediately followed by RST_STREAM with a > non-zero error code on the same stream, before the multiplexer has registered > the stream.... whereas the RCE path requires an Apache Portable Runtime > ([3]APR > ) with the mmap allocator, which is the default on Debian-derived systems and > on the official httpd Docker image. ... -- _______________________________________________ devel mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/[email protected] Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
