The following Fedora EPEL 9 Security updates need testing:
Age URL
5 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2025-80a466f7f5
zabbix7.0-7.0.11-1.el9
0 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2025-0d5707b1a1
lemonldap-ng-2.21.0-1.el9
The following builds have been pushed to Fedora EPEL 9 updates-testing
bird-2.16.2-1.el9
rust-crossbeam-channel-0.5.15-1.el9
rust-icu_collections-1.5.0-3.el9
rust-icu_locid-1.5.0-2.el9
rust-icu_provider_macros-1.5.0-1.el9
rust-jiff-0.2.6-1.el9
rust-litemap-0.7.3-5.el9
rust-openssl-0.10.72-1.el9
rust-openssl-sys-0.9.107-1.el9
rust-socketpair-0.19.6-1.el9
rust-tinystr-0.7.6-4.el9
rust-tokio-1.44.2-1.el9
rust-utf16_iter-1.0.5-1.el9
rust-write16-1.0.0-1.el9
rust-writeable-0.5.5-3.el9
rust-zerovec-0.10.4-4.el9
socnetv-3.2-1.el9
workrave-1.11.0~rc.1-1.el9
Details about builds:
================================================================================
bird-2.16.2-1.el9 (FEDORA-EPEL-2025-4e89ce2f98)
BIRD Internet Routing Daemon
--------------------------------------------------------------------------------
Update Information:
BIRD 2.16.2 (2025-04-01)
BFD: password reconfiguration crash fix
L3VPN attribute fix
Table removal rare crash fix
Logging minor fix
--------------------------------------------------------------------------------
ChangeLog:
* Mon Apr 7 2025 Robert Scheck <rob...@fedoraproject.org> - 2.16.2-1
- Upgrade to 2.16.2
* Thu Jan 16 2025 Fedora Release Engineering <rel...@fedoraproject.org> -
2.16.1-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
rust-crossbeam-channel-0.5.15-1.el9 (FEDORA-EPEL-2025-0918c621c1)
Multi-producer multi-consumer channels for message passing
--------------------------------------------------------------------------------
Update Information:
Update to version 0.5.15.
Fixes a possible double-free when dropping an unbounded channel:
https://github.com/crossbeam-rs/crossbeam/releases/tag/crossbeam-channel-0.5.15
--------------------------------------------------------------------------------
ChangeLog:
* Tue Apr 8 2025 Fabio Valentini <decatho...@gmail.com> - 0.5.15-1
- Update to version 0.5.15; Fixes RHBZ#2358500
--------------------------------------------------------------------------------
================================================================================
rust-icu_collections-1.5.0-3.el9 (FEDORA-EPEL-2025-ef545b8853)
Collection of API for use in ICU libraries
--------------------------------------------------------------------------------
Update Information:
Dependencies for the ICU4X 1.5 stack
--------------------------------------------------------------------------------
ChangeLog:
* Tue Apr 8 2025 Benjamin A. Beasley <c...@musicinmybrain.net> - 1.5.0-3
- Stop packaging the bench feature, only relevant for CI
* Sun Jan 19 2025 Fedora Release Engineering <rel...@fedoraproject.org> -
1.5.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2358015 - Review Request: rust-write16 - UTF-16 analog of the
Write trait
https://bugzilla.redhat.com/show_bug.cgi?id=2358015
[ 2 ] Bug #2358018 - Review Request: rust-utf16_iter - Iterator by char over
potentially-invalid UTF-16 in &[u16]
https://bugzilla.redhat.com/show_bug.cgi?id=2358018
[ 3 ] Bug #2358020 - Review Request: rust-icu_locid - API for managing
Unicode Language and Locale Identifiers
https://bugzilla.redhat.com/show_bug.cgi?id=2358020
[ 4 ] Bug #2358105 - Review Request: rust-icu_provider_macros - Proc macros
for ICU data providers
https://bugzilla.redhat.com/show_bug.cgi?id=2358105
--------------------------------------------------------------------------------
================================================================================
rust-icu_locid-1.5.0-2.el9 (FEDORA-EPEL-2025-ef545b8853)
API for managing Unicode Language and Locale Identifiers
--------------------------------------------------------------------------------
Update Information:
Dependencies for the ICU4X 1.5 stack
--------------------------------------------------------------------------------
ChangeLog:
* Tue Apr 8 2025 Benjamin A. Beasley <c...@musicinmybrain.net> - 1.5.0-2
- Fix a typo in the no-postcard patch, which was breaking the serde feature
* Mon Apr 7 2025 Benjamin A. Beasley <c...@musicinmybrain.net> - 1.5.0-1
- Initial package (close RHBZ#2358020)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2358015 - Review Request: rust-write16 - UTF-16 analog of the
Write trait
https://bugzilla.redhat.com/show_bug.cgi?id=2358015
[ 2 ] Bug #2358018 - Review Request: rust-utf16_iter - Iterator by char over
potentially-invalid UTF-16 in &[u16]
https://bugzilla.redhat.com/show_bug.cgi?id=2358018
[ 3 ] Bug #2358020 - Review Request: rust-icu_locid - API for managing
Unicode Language and Locale Identifiers
https://bugzilla.redhat.com/show_bug.cgi?id=2358020
[ 4 ] Bug #2358105 - Review Request: rust-icu_provider_macros - Proc macros
for ICU data providers
https://bugzilla.redhat.com/show_bug.cgi?id=2358105
--------------------------------------------------------------------------------
================================================================================
rust-icu_provider_macros-1.5.0-1.el9 (FEDORA-EPEL-2025-ef545b8853)
Proc macros for ICU data providers
--------------------------------------------------------------------------------
Update Information:
Dependencies for the ICU4X 1.5 stack
--------------------------------------------------------------------------------
ChangeLog:
* Tue Apr 8 2025 Benjamin A. Beasley <c...@musicinmybrain.net> - 1.5.0-1
- Initial package (close RHBZ#2358105)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2358015 - Review Request: rust-write16 - UTF-16 analog of the
Write trait
https://bugzilla.redhat.com/show_bug.cgi?id=2358015
[ 2 ] Bug #2358018 - Review Request: rust-utf16_iter - Iterator by char over
potentially-invalid UTF-16 in &[u16]
https://bugzilla.redhat.com/show_bug.cgi?id=2358018
[ 3 ] Bug #2358020 - Review Request: rust-icu_locid - API for managing
Unicode Language and Locale Identifiers
https://bugzilla.redhat.com/show_bug.cgi?id=2358020
[ 4 ] Bug #2358105 - Review Request: rust-icu_provider_macros - Proc macros
for ICU data providers
https://bugzilla.redhat.com/show_bug.cgi?id=2358105
--------------------------------------------------------------------------------
================================================================================
rust-jiff-0.2.6-1.el9 (FEDORA-EPEL-2025-a0dba7196a)
Date-time library that encourages you to jump into the pit of success
--------------------------------------------------------------------------------
Update Information:
0.2.6 (2025-04-07)
This release includes a few bug fixes.
Fixed Zoned rounding on days with DST time zone transitions.
Fixed bug where TimeZone::preceding could omit historical time zone
transitions for time zones that have eliminated DST in the present.
Fixed nth_weekday_in_month, where it would sometimes incorrectly return
an error.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Apr 8 2025 Benjamin A. Beasley <c...@musicinmybrain.net> - 0.2.6-1
- Update to 0.2.6 (close RHBZ#2354299)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2354299 - rust-jiff-0.2.6 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2354299
--------------------------------------------------------------------------------
================================================================================
rust-litemap-0.7.3-5.el9 (FEDORA-EPEL-2025-ef545b8853)
Key-value Map implementation based on a flat, sorted Vec
--------------------------------------------------------------------------------
Update Information:
Dependencies for the ICU4X 1.5 stack
--------------------------------------------------------------------------------
ChangeLog:
* Mon Apr 7 2025 Benjamin A. Beasley <c...@musicinmybrain.net> - 0.7.3-5
- Stop packaging the bench feature, only relevant for CI
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2358015 - Review Request: rust-write16 - UTF-16 analog of the
Write trait
https://bugzilla.redhat.com/show_bug.cgi?id=2358015
[ 2 ] Bug #2358018 - Review Request: rust-utf16_iter - Iterator by char over
potentially-invalid UTF-16 in &[u16]
https://bugzilla.redhat.com/show_bug.cgi?id=2358018
[ 3 ] Bug #2358020 - Review Request: rust-icu_locid - API for managing
Unicode Language and Locale Identifiers
https://bugzilla.redhat.com/show_bug.cgi?id=2358020
[ 4 ] Bug #2358105 - Review Request: rust-icu_provider_macros - Proc macros
for ICU data providers
https://bugzilla.redhat.com/show_bug.cgi?id=2358105
--------------------------------------------------------------------------------
================================================================================
rust-openssl-0.10.72-1.el9 (FEDORA-EPEL-2025-13a0cac2ac)
OpenSSL bindings
--------------------------------------------------------------------------------
Update Information:
Update the openssl crate to version 0.10.72.
Update the openssl-sys crate to version 0.9.107.
This update addresses CVE-2025-3416 / RUSTSEC-2025-0022 (a possible use-after-
free issue in two public functions). A survey of dependent packages in Fedora
shows that none of them use the affected API, or do not use them in a way that
triggers this issue.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Apr 8 2025 Fabio Valentini <decatho...@gmail.com> - 0.10.72-1
- Update to version 0.10.72; Fixes RHBZ#2357489
--------------------------------------------------------------------------------
================================================================================
rust-openssl-sys-0.9.107-1.el9 (FEDORA-EPEL-2025-13a0cac2ac)
FFI bindings to OpenSSL
--------------------------------------------------------------------------------
Update Information:
Update the openssl crate to version 0.10.72.
Update the openssl-sys crate to version 0.9.107.
This update addresses CVE-2025-3416 / RUSTSEC-2025-0022 (a possible use-after-
free issue in two public functions). A survey of dependent packages in Fedora
shows that none of them use the affected API, or do not use them in a way that
triggers this issue.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Apr 8 2025 Fabio Valentini <decatho...@gmail.com> - 0.9.107-1
- Update to version 0.9.107; Fixes RHBZ#2357490
--------------------------------------------------------------------------------
================================================================================
rust-socketpair-0.19.6-1.el9 (FEDORA-EPEL-2025-50fe194658)
Cross-platform socketpair functionality
--------------------------------------------------------------------------------
Update Information:
Dependency updates
Re-enable async-std and tokio support
--------------------------------------------------------------------------------
ChangeLog:
* Tue Apr 8 2025 Michel Lind <sali...@fedoraproject.org> - 0.19.6-1
- Update to 0.19.6; Fixes: RHBZ#2350522
* Sun Jan 19 2025 Fedora Release Engineering <rel...@fedoraproject.org> -
0.19.5-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild
* Sat Jul 20 2024 Fedora Release Engineering <rel...@fedoraproject.org> -
0.19.5-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2350522 - rust-socketpair-0.19.6 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2350522
--------------------------------------------------------------------------------
================================================================================
rust-tinystr-0.7.6-4.el9 (FEDORA-EPEL-2025-ef545b8853)
Small ASCII-only bounded length string representation
--------------------------------------------------------------------------------
Update Information:
Dependencies for the ICU4X 1.5 stack
--------------------------------------------------------------------------------
ChangeLog:
* Mon Apr 7 2025 Benjamin A. Beasley <c...@musicinmybrain.net> - 0.7.6-4
- Restore the databake and zerovec features
* Sun Jan 19 2025 Fedora Release Engineering <rel...@fedoraproject.org> -
0.7.6-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild
* Sat Jul 20 2024 Fedora Release Engineering <rel...@fedoraproject.org> -
0.7.6-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
* Mon Jun 24 2024 Fabio Valentini <decatho...@gmail.com> - 0.7.6-1
- Update to version 0.7.6; Fixes RHBZ#2283703
* Sat Jan 27 2024 Fedora Release Engineering <rel...@fedoraproject.org> -
0.7.5-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Sat Nov 25 2023 Fabio Valentini <decatho...@gmail.com> - 0.7.5-1
- Update to version 0.7.5; Fixes RHBZ#2250207
* Sat Oct 7 2023 Fabio Valentini <decatho...@gmail.com> - 0.7.4-1
- Update to version 0.7.4; Fixes RHBZ#2242008
* Sun Sep 24 2023 Fabio Valentini <decatho...@gmail.com> - 0.7.3-1
- Update to version 0.7.3; Fixes RHBZ#2240285
* Sat Jul 22 2023 Fedora Release Engineering <rel...@fedoraproject.org> -
0.7.1-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
* Thu May 25 2023 Fabio Valentini <decatho...@gmail.com> - 0.7.1-1
- Update to version 0.7.1; Fixes RHBZ#2053217
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2358015 - Review Request: rust-write16 - UTF-16 analog of the
Write trait
https://bugzilla.redhat.com/show_bug.cgi?id=2358015
[ 2 ] Bug #2358018 - Review Request: rust-utf16_iter - Iterator by char over
potentially-invalid UTF-16 in &[u16]
https://bugzilla.redhat.com/show_bug.cgi?id=2358018
[ 3 ] Bug #2358020 - Review Request: rust-icu_locid - API for managing
Unicode Language and Locale Identifiers
https://bugzilla.redhat.com/show_bug.cgi?id=2358020
[ 4 ] Bug #2358105 - Review Request: rust-icu_provider_macros - Proc macros
for ICU data providers
https://bugzilla.redhat.com/show_bug.cgi?id=2358105
--------------------------------------------------------------------------------
================================================================================
rust-tokio-1.44.2-1.el9 (FEDORA-EPEL-2025-c01af2c84f)
Event-driven, non-blocking I/O platform
--------------------------------------------------------------------------------
Update Information:
Update to version 1.44.2. This also addresses RUSTSEC-2025-0023.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Apr 8 2025 Fabio Valentini <decatho...@gmail.com> - 1.44.2-1
- Update to version 1.44.2; Fixes RHBZ#2351817
--------------------------------------------------------------------------------
================================================================================
rust-utf16_iter-1.0.5-1.el9 (FEDORA-EPEL-2025-ef545b8853)
Iterator by char over potentially-invalid UTF-16 in &[u16]
--------------------------------------------------------------------------------
Update Information:
Dependencies for the ICU4X 1.5 stack
--------------------------------------------------------------------------------
ChangeLog:
* Mon Apr 7 2025 Benjamin A. Beasley <c...@musicinmybrain.net> - 1.0.5-1
- Initial package (close RHBZ#2358018)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2358015 - Review Request: rust-write16 - UTF-16 analog of the
Write trait
https://bugzilla.redhat.com/show_bug.cgi?id=2358015
[ 2 ] Bug #2358018 - Review Request: rust-utf16_iter - Iterator by char over
potentially-invalid UTF-16 in &[u16]
https://bugzilla.redhat.com/show_bug.cgi?id=2358018
[ 3 ] Bug #2358020 - Review Request: rust-icu_locid - API for managing
Unicode Language and Locale Identifiers
https://bugzilla.redhat.com/show_bug.cgi?id=2358020
[ 4 ] Bug #2358105 - Review Request: rust-icu_provider_macros - Proc macros
for ICU data providers
https://bugzilla.redhat.com/show_bug.cgi?id=2358105
--------------------------------------------------------------------------------
================================================================================
rust-write16-1.0.0-1.el9 (FEDORA-EPEL-2025-ef545b8853)
UTF-16 analog of the Write trait
--------------------------------------------------------------------------------
Update Information:
Dependencies for the ICU4X 1.5 stack
--------------------------------------------------------------------------------
ChangeLog:
* Mon Apr 7 2025 Benjamin A. Beasley <c...@musicinmybrain.net> - 1.0.0-1
- Initial package (close RHBZ#2358015)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2358015 - Review Request: rust-write16 - UTF-16 analog of the
Write trait
https://bugzilla.redhat.com/show_bug.cgi?id=2358015
[ 2 ] Bug #2358018 - Review Request: rust-utf16_iter - Iterator by char over
potentially-invalid UTF-16 in &[u16]
https://bugzilla.redhat.com/show_bug.cgi?id=2358018
[ 3 ] Bug #2358020 - Review Request: rust-icu_locid - API for managing
Unicode Language and Locale Identifiers
https://bugzilla.redhat.com/show_bug.cgi?id=2358020
[ 4 ] Bug #2358105 - Review Request: rust-icu_provider_macros - Proc macros
for ICU data providers
https://bugzilla.redhat.com/show_bug.cgi?id=2358105
--------------------------------------------------------------------------------
================================================================================
rust-writeable-0.5.5-3.el9 (FEDORA-EPEL-2025-ef545b8853)
More efficient alternative to fmt::Display
--------------------------------------------------------------------------------
Update Information:
Dependencies for the ICU4X 1.5 stack
--------------------------------------------------------------------------------
ChangeLog:
* Tue Apr 8 2025 Benjamin A. Beasley <c...@musicinmybrain.net> - 0.5.5-3
- Stop packaging the bench feature, only relevant for CI
* Sun Jan 19 2025 Fedora Release Engineering <rel...@fedoraproject.org> -
0.5.5-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2358015 - Review Request: rust-write16 - UTF-16 analog of the
Write trait
https://bugzilla.redhat.com/show_bug.cgi?id=2358015
[ 2 ] Bug #2358018 - Review Request: rust-utf16_iter - Iterator by char over
potentially-invalid UTF-16 in &[u16]
https://bugzilla.redhat.com/show_bug.cgi?id=2358018
[ 3 ] Bug #2358020 - Review Request: rust-icu_locid - API for managing
Unicode Language and Locale Identifiers
https://bugzilla.redhat.com/show_bug.cgi?id=2358020
[ 4 ] Bug #2358105 - Review Request: rust-icu_provider_macros - Proc macros
for ICU data providers
https://bugzilla.redhat.com/show_bug.cgi?id=2358105
--------------------------------------------------------------------------------
================================================================================
rust-zerovec-0.10.4-4.el9 (FEDORA-EPEL-2025-ef545b8853)
Zero-copy vector backed by a byte array
--------------------------------------------------------------------------------
Update Information:
Dependencies for the ICU4X 1.5 stack
--------------------------------------------------------------------------------
ChangeLog:
* Tue Apr 8 2025 Benjamin A. Beasley <c...@musicinmybrain.net> - 0.10.4-4
- Stop packaging the bench feature, only relevant for CI
* Sun Jan 19 2025 Fedora Release Engineering <rel...@fedoraproject.org> -
0.10.4-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2358015 - Review Request: rust-write16 - UTF-16 analog of the
Write trait
https://bugzilla.redhat.com/show_bug.cgi?id=2358015
[ 2 ] Bug #2358018 - Review Request: rust-utf16_iter - Iterator by char over
potentially-invalid UTF-16 in &[u16]
https://bugzilla.redhat.com/show_bug.cgi?id=2358018
[ 3 ] Bug #2358020 - Review Request: rust-icu_locid - API for managing
Unicode Language and Locale Identifiers
https://bugzilla.redhat.com/show_bug.cgi?id=2358020
[ 4 ] Bug #2358105 - Review Request: rust-icu_provider_macros - Proc macros
for ICU data providers
https://bugzilla.redhat.com/show_bug.cgi?id=2358105
--------------------------------------------------------------------------------
================================================================================
socnetv-3.2-1.el9 (FEDORA-EPEL-2025-94fd1f5bf9)
A Social Networks Analyser and Visualiser
--------------------------------------------------------------------------------
Update Information:
Version bump
--------------------------------------------------------------------------------
ChangeLog:
* Wed Apr 2 2025 RI_Eugene <ti.eug...@gmail.com> - 3.2-1
- Version bump
* Sun Jan 19 2025 Fedora Release Engineering <rel...@fedoraproject.org> - 3.1-11
- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild
* Wed Oct 16 2024 Jan Grulich <jgrul...@redhat.com> - 3.1-10
- Rebuild (qt6)
* Mon Jul 29 2024 Miroslav Suchý <msu...@redhat.com> - 3.1-9
- convert license to SPDX
* Sat Jul 20 2024 Fedora Release Engineering <rel...@fedoraproject.org> - 3.1-8
- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
* Sat Jul 13 2024 TI_Eugene <ti.eug...@gmail.com> 3.1-7
- Rebuild against fresh Qt6
- exclude x32 (temporary) for F40+
* Mon Jun 3 2024 Jan Grulich <jgrul...@redhat.com> - 3.1-6
- Rebuild (qt6)
* Sat Jan 27 2024 Fedora Release Engineering <rel...@fedoraproject.org> - 3.1-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Sun Dec 24 2023 TI_Eugene <ti.eug...@gmail.com> 3.1-4
- Rebuild against fresh Qt6
* Fri Jul 28 2023 TI_Eugene <ti.eug...@gmail.com> 3.1-3
- Rebuild against fresh Qt6
* Sat Jul 22 2023 Fedora Release Engineering <rel...@fedoraproject.org> - 3.1-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
workrave-1.11.0~rc.1-1.el9 (FEDORA-EPEL-2025-85c41364aa)
Program that assists in the recovery and prevention of RSI
--------------------------------------------------------------------------------
Update Information:
Unretireing the package.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Apr 8 2025 Åukasz WojniÅowicz <lukasz.wojnilow...@gmail.com> -
1.11.0~rc.1-1
- Unretirement import (fedora#2351398).
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2328914 - CVE-2023-2142 workrave: Nunjucks autoescape bypass leads
to cross site scripting [epel-9]
https://bugzilla.redhat.com/show_bug.cgi?id=2328914
--------------------------------------------------------------------------------
--
_______________________________________________
epel-devel mailing list -- epel-devel@lists.fedoraproject.org
To unsubscribe send an email to epel-devel-le...@lists.fedoraproject.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/epel-devel@lists.fedoraproject.org
Do not reply to spam, report it:
https://pagure.io/fedora-infrastructure/new_issue
