The following Fedora EPEL 10.2 Security updates need testing:
Age URL
6 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2025-57ebb6a630
ruff-0.11.5-7.el10_2
5 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2025-f84ca818d3
rust-async-broadcast-0.7.2-4.el10_2 rust-endi-1.1.0-4.el10_2
rust-enumflags2-0.7.12-2.el10_2 rust-enumflags2_derive-0.7.12-2.el10_2
rust-ordered-stream-0.2.0-6.el10_2 rust-secret-service-5.1.0-1.el10_2
rust-zbus-5.10.0-2.el10_2 rust-zbus_macros-5.10.0-1.el10_2
rust-zbus_names-4.2.0-2.el10_2 rust-zvariant-5.7.0-1.el10_2
rust-zvariant_derive-5.7.0-1.el10_2 rust-zvariant_utils-3.2.1-1.el10_2
uv-0.8.11-2.el10_2
5 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2025-5bc6aaad08
civetweb-1.16-9.el10_2
3 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2025-3f414a0955
libopenmpt-0.8.3-1.el10_2
The following builds have been pushed to Fedora EPEL 10.2 updates-testing
certbot-4.2.0-1.el10_2
forgejo-12.0.3-1.el10_2
lemonldap-ng-2.21.3-1.el10_2
monitorix-3.16.0-1.el10_2
openvpn-2.7_beta1-1.el10_2
perl-Cairo-GObject-1.005-22.el10_2
perl-Cpanel-JSON-XS-4.40-1.el10_2
perl-Text-CSV-2.06-1.el10_2
python-pytest-freezegun-0.4.2-12.el10_2
ruby-build-20250908-1.el10_2
rust-errno-0.3.14-1.el10_2
rust-reflink-copy-0.1.28-1.el10_2
voms-api-java-3.3.6-2.el10_2
Details about builds:
================================================================================
certbot-4.2.0-1.el10_2 (FEDORA-EPEL-2025-fb923d197b)
A free, automated certificate authority client
--------------------------------------------------------------------------------
Update Information:
Update to 4.2.0
--------------------------------------------------------------------------------
ChangeLog:
* Tue Sep 9 2025 Jonathan Wright <[email protected]> - 4.2.0-1
- update to 4.2.0
* Fri Aug 15 2025 Python Maint <[email protected]> - 4.1.1-3
- Rebuilt for Python 3.14.0rc2 bytecode
--------------------------------------------------------------------------------
================================================================================
forgejo-12.0.3-1.el10_2 (FEDORA-EPEL-2025-f73be56762)
A lightweight software forge
--------------------------------------------------------------------------------
Update Information:
This is an upstream security and bugfix release. Please refer to the upstream
release notes for versions 12.0.2 and 12.0.3 for details about changes.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Sep 9 2025 Nils Philippsen <[email protected]> - 12.0.3-1
- Update to version 12.0.3
* Thu Sep 4 2025 Nils Philippsen <[email protected]> - 12.0.2-1
- Update to version 12.0.2
* Fri Aug 15 2025 Maxwell G <[email protected]> - 12.0.1-4
- Rebuild for golang-1.25.0
* Fri Aug 15 2025 Maxwell G <[email protected]> - 12.0.1-3
- Revert "Rebuild for golang-1.25.0"
* Fri Aug 15 2025 Maxwell G <[email protected]> - 12.0.1-2
- Rebuild for golang-1.25.0
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2389810 - CVE-2025-54881 forgejo: Mermaid cross site scripting
[epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2389810
[ 2 ] Bug #2389811 - CVE-2025-54880 forgejo: Mermaid cross site scripting
[epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2389811
[ 3 ] Bug #2391601 - CVE-2025-58058 forgejo: github.com/ulikunitz/xz leaks
memory [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2391601
--------------------------------------------------------------------------------
================================================================================
lemonldap-ng-2.21.3-1.el10_2 (FEDORA-EPEL-2025-8018fd7ca5)
Web Single Sign On (SSO) and Access Management
--------------------------------------------------------------------------------
Update Information:
See https://projects.ow2.org/view/lemonldap-ng/lemonldap-ng-2-21-3-is-out/
--------------------------------------------------------------------------------
ChangeLog:
* Fri Sep 5 2025 Clement Oudot <[email protected]> - 2.21.3-1
- Update to 2.21.3
* Thu Jul 24 2025 Fedora Release Engineering <[email protected]> -
2.21.2-1.1
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
monitorix-3.16.0-1.el10_2 (FEDORA-EPEL-2025-1d2c61a564)
A free, open source, lightweight system monitoring tool
--------------------------------------------------------------------------------
Update Information:
Added support for MongoDB version 6 and changed the way how mongodb.pm is
configured. [#451] Added the new option log_successful_requests in the HTTP
built-in server, to be able to not logging successful requests (enabled by
default). [#454] Changed the default value of global_zoom so now all graphs are
50% bigger. Adjusted the .spec file to be able to generate an RPM file to be
installed on systemd or SysV init systems. [#462] Removed the following obsolete
options: secure_log, secure_log_date_format, imap_log, imap_log_date_format,
hylafax_log, cups_log and cg_logdir. Fixed the size of graphs in Multihost
viewer when using a bigger global_zoom value. Fixed the colors based on the
meaning of input (upload) and output (download) from the server point of view in
ftp.pm. Fixed the error message Use of uninitialized value $gen_h[5] in join or
string at /usr/lib/monitorix/mail.pm line 668. Fixed the regexp that retrieves
the reason for last transfer to battery string in nut.pm. [#466] Fixed the
update() function to support newer versions of Tinyproxy. Fixed to LINE1 the
Involuntary Context Switches value in process.pm.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Sep 9 2025 Jordi Sanfeliu <[email protected]> - 3.16.0-1
- First push to EPEL10.
* Wed Nov 27 2024 Jordi Sanfeliu <[email protected]> - 3.16.0-1
- Updated to 3.16.0.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2329114 - monitorix-3.16.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2329114
--------------------------------------------------------------------------------
================================================================================
openvpn-2.7_beta1-1.el10_2 (FEDORA-EPEL-2025-427967787e)
A full-featured TLS VPN solution
--------------------------------------------------------------------------------
Update Information:
Update to upstream 2.7_beta1 release
--------------------------------------------------------------------------------
ChangeLog:
* Tue Sep 9 2025 David Sommerseth <[email protected]> - 2.7_beta1
- Update to upstream 2.7_beta1 release
--------------------------------------------------------------------------------
================================================================================
perl-Cairo-GObject-1.005-22.el10_2 (FEDORA-EPEL-2025-80db0d3215)
Integrate Cairo into the Glib type system
--------------------------------------------------------------------------------
Update Information:
This update brings a new perl-Cairo-GObject package, Perl bindings to Cairo
library.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Jul 25 2025 Fedora Release Engineering <[email protected]> -
1.005-22
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
* Mon Jul 7 2025 Jitka Plesnikova <[email protected]> - 1.005-21
- Perl 5.42 rebuild
* Mon May 12 2025 Petr Pisar <[email protected]> - 1.005-20
- Correct a license tag to "LGPL-2.1-or-later"
- Package the tests
* Fri Jan 17 2025 Fedora Release Engineering <[email protected]> -
1.005-19.1
- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild
* Mon Sep 2 2024 Miroslav Suchý <[email protected]> - 1.005-18.1
- convert license to SPDX
* Thu Jul 18 2024 Fedora Release Engineering <[email protected]> -
1.005-17.1
- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
* Mon Jun 10 2024 Jitka Plesnikova <[email protected]> - 1.005-16.1
- Perl 5.40 rebuild
* Thu Jan 25 2024 Fedora Release Engineering <[email protected]> -
1.005-15.1
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Sun Jan 21 2024 Fedora Release Engineering <[email protected]> -
1.005-14.1
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2369999 - Add perl-Cairo-GObject to EPEL 10 and EPEL 10.0
https://bugzilla.redhat.com/show_bug.cgi?id=2369999
--------------------------------------------------------------------------------
================================================================================
perl-Cpanel-JSON-XS-4.40-1.el10_2 (FEDORA-EPEL-2025-297a408c18)
JSON::XS for Cpanel, fast and correct serializing
--------------------------------------------------------------------------------
Update Information:
This update is the latest upstream release of the Cpanel::JSON::XS module,
bringing many bug fixes and enhancements since the original EPEL package
release. Amongst the bug fixes is one to fix an integer overflow issue that
could be triggered by a specially-crafted JSON input, which could lead to a
crash in the program parsing the JSON (CVE-2025-40929).
--------------------------------------------------------------------------------
ChangeLog:
* Tue Sep 9 2025 Paul Howarth <[email protected]> - 4.40-1
- Update to 4.40
- Fix overflow with overlong numbers, fuzzing only (CVE-2025-40929)
- Detect more malformed numbers, with two decimal points
- Pin Github actions to latest @v via pinact run -u
* Fri Jul 25 2025 Fedora Release Engineering <[email protected]> - 4.39-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
* Tue Jul 8 2025 Jitka Plesnikova <[email protected]> - 4.39-4
- Perl 5.42 re-rebuild of bootstrapped packages
* Mon Jul 7 2025 Jitka Plesnikova <[email protected]> - 4.39-3
- Perl 5.42 rebuild
* Sat Jan 18 2025 Fedora Release Engineering <[email protected]> - 4.39-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild
* Fri Dec 13 2024 Paul Howarth <[email protected]> - 4.39-1
- Update to 4.39
- Fix Windows -Dusequadmath (GH#229, GH#235)
- Fix inconsistent behavior between decoding escaped and unescaped
surrogates, and escaped non-characters vs. non-escaped non-characters; now
aligned to JSON::PP (GH#227, GH#233)
- Add type_all_string tests (GH#236)
- Silence UV to char cast warnings (GH#232)
- Fix MSVC preprocessor errors (GH#232)
- Fix -Wformat warnings on Windows (GH#228)
- Clarify BigInt decoding (GH#226)
- Drop EL-7 support
- Use %{make_build} and %{make_install}
* Thu Jul 18 2024 Fedora Release Engineering <[email protected]> - 4.38-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
* Wed Jun 12 2024 Jitka Plesnikova <[email protected]> - 4.38-3
- Perl 5.40 re-rebuild of bootstrapped packages
* Tue Jun 11 2024 Jitka Plesnikova <[email protected]> - 4.38-2
- Perl 5.40 rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2393915 - CVE-2025-40929 perl-Cpanel-JSON-XS: integer buffer
overflow causing a segfault when parsing crafted JSON [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2393915
--------------------------------------------------------------------------------
================================================================================
perl-Text-CSV-2.06-1.el10_2 (FEDORA-EPEL-2025-dfe9773c98)
Comma-separated values manipulator
--------------------------------------------------------------------------------
Update Information:
First EPEL 10 build.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Aug 20 2025 Jitka Plesnikova <[email protected]> - 2.06-1
- 2.06 bump (rhbz#2349284)
* Fri Jul 25 2025 Fedora Release Engineering <[email protected]> - 2.05-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
* Sat Jan 18 2025 Fedora Release Engineering <[email protected]> - 2.04-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild
* Fri Jul 19 2024 Fedora Release Engineering <[email protected]> - 2.04-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
* Mon May 20 2024 Jitka Plesnikova <[email protected]> - 2.04-1
- 2.04 bump (rhbz#2252556)
* Thu Jan 25 2024 Fedora Release Engineering <[email protected]> - 2.03-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Sun Jan 21 2024 Fedora Release Engineering <[email protected]> - 2.03-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Mon Sep 11 2023 Jitka Plesnikova <[email protected]> - 2.03-1
- 2.03 bump (rhbz#2231263)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2394086 - Please branch and build perl-Text-CSV for EPEL 10
https://bugzilla.redhat.com/show_bug.cgi?id=2394086
--------------------------------------------------------------------------------
================================================================================
python-pytest-freezegun-0.4.2-12.el10_2 (FEDORA-EPEL-2025-9067102bef)
Wrap pytest tests with fixtures in freeze_time
--------------------------------------------------------------------------------
Update Information:
Initial EPEL 10 build.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Jan 26 2024 Fedora Release Engineering <[email protected]> -
0.4.2-11
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Mon Jan 22 2024 Fedora Release Engineering <[email protected]> -
0.4.2-10
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Fri Jul 21 2023 Fedora Release Engineering <[email protected]> -
0.4.2-9
- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
* Wed Jun 14 2023 Python Maint <[email protected]> - 0.4.2-8
- Rebuilt for Python 3.12
* Fri Jan 20 2023 Fedora Release Engineering <[email protected]> -
0.4.2-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
* Fri Jul 22 2022 Fedora Release Engineering <[email protected]> -
0.4.2-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
* Mon Jun 13 2022 Python Maint <[email protected]> - 0.4.2-5
- Rebuilt for Python 3.11
--------------------------------------------------------------------------------
================================================================================
ruby-build-20250908-1.el10_2 (FEDORA-EPEL-2025-16c8483471)
Compile and install Ruby
--------------------------------------------------------------------------------
Update Information:
Update to 20250908
--------------------------------------------------------------------------------
ChangeLog:
* Mon Sep 8 2025 Packit <[email protected]> - 20250908-1
- Update to 20250908 upstream release
- Resolves: rhbz#2393922
--------------------------------------------------------------------------------
================================================================================
rust-errno-0.3.14-1.el10_2 (FEDORA-EPEL-2025-6db3298fab)
Cross-platform interface to the errno variable
--------------------------------------------------------------------------------
Update Information:
Update to version 0.3.14.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Sep 9 2025 Fabio Valentini <[email protected]> - 0.3.14-1
- Update to version 0.3.14; Fixes RHBZ#2394005
* Fri Jul 25 2025 Fedora Release Engineering <[email protected]> -
0.3.13-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
rust-reflink-copy-0.1.28-1.el10_2 (FEDORA-EPEL-2025-1d7b618168)
Copy-on-write mechanism on supported file systems
--------------------------------------------------------------------------------
Update Information:
Update to version 0.1.28; Fixes RHBZ#2393863
Loosens a dependency version bound, for Windows users only
Update to 0.1.27 (close RHBZ#2393617)
This update only bumps a dependency for Windows users.
--------------------------------------------------------------------------------
ChangeLog:
* Mon Sep 8 2025 Benjamin A. Beasley <[email protected]> - 0.1.28-1
- Update to version 0.1.28; Fixes RHBZ#2393863
* Sat Sep 6 2025 Benjamin A. Beasley <[email protected]> - 0.1.27-1
- Update to 0.1.27 (close RHBZ#2393617)
* Fri Jul 25 2025 Fedora Release Engineering <[email protected]> -
0.1.26-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
* Tue May 13 2025 Benjamin A. Beasley <[email protected]> - 0.1.26-2
- Remove no-longer-necessary .rpmlintrc file
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2393617 - rust-reflink-copy-0.1.27 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2393617
[ 2 ] Bug #2393863 - rust-reflink-copy-0.1.28 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2393863
--------------------------------------------------------------------------------
================================================================================
voms-api-java-3.3.6-2.el10_2 (FEDORA-EPEL-2025-ae1269d4b1)
Virtual Organization Membership Service Java API
--------------------------------------------------------------------------------
Update Information:
Enable tests in package build.
--------------------------------------------------------------------------------
ChangeLog:
* Mon Sep 8 2025 Mattias Ellert <[email protected]> - 3.3.6-2
- Include upstream's scripts for generating test certificates
- Enable tests again
--------------------------------------------------------------------------------
--
_______________________________________________
epel-devel mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/[email protected]
Do not reply to spam, report it:
https://pagure.io/fedora-infrastructure/new_issue
