The following Fedora EPEL 10.0 Security updates need testing:
Age URL
6 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2025-78c7cd34db
python-nh3-0.2.21-2.el10_0 rust-ammonia-4.0.1-1.el10_0
6 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2025-b8aaadaa26
bird-3.1.4-1.el10_0
5 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2025-04455338f9
rust-astral-tokio-tar-0.5.5-1.el10_0 rust-flate2-1.1.2-1.el10_0
rust-rustls-0.23.23-2.el10_0 uv-0.6.17-2.el10_0
The following builds have been pushed to Fedora EPEL 10.0 updates-testing
apptainer-1.4.3-1.el10_0
clifm-1.26.3-1.el10_0
fapolicy-analyzer-1.5.0-1.el10_0
java-latest-openjdk-25.0.0.0.36-0.3.el10_0
perl-GooCanvas2-0.06-23.el10_0
perl-Gtk3-0.038-18.el10_0
ramalama-0.12.3-1.el10_0
rust-munge-0.4.7-1.el10_0
rust-munge_macro-0.4.7-1.el10_0
rust-rancor-0.1.1-1.el10_0
Details about builds:
================================================================================
apptainer-1.4.3-1.el10_0 (FEDORA-EPEL-2025-999e2b79bc)
Application and environment virtualization formerly known as Singularity
--------------------------------------------------------------------------------
Update Information:
Update to upstream 1.4.3, fix CVE-2025-58058
--------------------------------------------------------------------------------
ChangeLog:
* Mon Sep 29 2025 Dave Dykstra <[email protected]> - 1.4.3
- Update to upstream 1.4.3
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2391600 - CVE-2025-58058 apptainer: github.com/ulikunitz/xz leaks
memory [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2391600
[ 2 ] Bug #2391608 - CVE-2025-58058 apptainer: github.com/ulikunitz/xz leaks
memory [epel-8]
https://bugzilla.redhat.com/show_bug.cgi?id=2391608
[ 3 ] Bug #2391610 - CVE-2025-58058 apptainer: github.com/ulikunitz/xz leaks
memory [epel-9]
https://bugzilla.redhat.com/show_bug.cgi?id=2391610
[ 4 ] Bug #2391617 - CVE-2025-58058 apptainer: github.com/ulikunitz/xz leaks
memory [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2391617
[ 5 ] Bug #2391646 - CVE-2025-58058 apptainer: github.com/ulikunitz/xz leaks
memory [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2391646
[ 6 ] Bug #2398283 - CVE-2025-47910 apptainer: CrossOriginProtection bypass
in net/http [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2398283
[ 7 ] Bug #2398318 - CVE-2025-47910 apptainer: CrossOriginProtection bypass
in net/http [epel-8]
https://bugzilla.redhat.com/show_bug.cgi?id=2398318
[ 8 ] Bug #2398338 - CVE-2025-47910 apptainer: CrossOriginProtection bypass
in net/http [epel-9]
https://bugzilla.redhat.com/show_bug.cgi?id=2398338
[ 9 ] Bug #2400161 - apptainer-1.4.3 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2400161
--------------------------------------------------------------------------------
================================================================================
clifm-1.26.3-1.el10_0 (FEDORA-EPEL-2025-bbf396a373)
Shell-like, command line terminal file manager
--------------------------------------------------------------------------------
Update Information:
update to 1.26.3
--------------------------------------------------------------------------------
ChangeLog:
* Mon Sep 29 2025 Jonathan Wright <[email protected]> - 1.26.3-1
- update to 1.26.3 rhbz#2400032
* Wed Jul 23 2025 Fedora Release Engineering <[email protected]> - 1.26-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
* Tue Jul 22 2025 Jonathan Wright <[email protected]> - 1.26-1
- update to 1.26 rhbz#2339036
* Thu Jan 16 2025 Fedora Release Engineering <[email protected]> - 1.22-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild
* Tue Dec 3 2024 Carl George <[email protected]> - 1.22-1
- Update to version 1.22 rhbz#2304057
--------------------------------------------------------------------------------
================================================================================
fapolicy-analyzer-1.5.0-1.el10_0 (FEDORA-EPEL-2025-1c880b3afb)
File Access Policy Analyzer
--------------------------------------------------------------------------------
Update Information:
EPEL 10.0 release. User guide and release notes are available on the project
page https://github.com/ctc-oss/fapolicy-analyzer
--------------------------------------------------------------------------------
ChangeLog:
* Fri Sep 26 2025 John Wass <[email protected]> 1.5.0-1
- New release
* Sun Jul 28 2024 John Wass <[email protected]> 1.4.0-1
- New release
* Sat Feb 3 2024 John Wass <[email protected]> 1.3.0-1
- Release v1.3.0
* Wed Dec 27 2023 John Wass <[email protected]> 1.2.2-1
- Release v1.2.2
* Fri Nov 17 2023 John Wass <[email protected]> 1.2.1-1
- Release v1.2.1
* Mon Nov 6 2023 John Wass <[email protected]> 1.2.0-1
- Release v1.2.0
--------------------------------------------------------------------------------
================================================================================
java-latest-openjdk-25.0.0.0.36-0.3.el10_0 (FEDORA-EPEL-2025-a0533a4885)
OpenJDK 25 Runtime Environment
--------------------------------------------------------------------------------
Update Information:
bumped laates to 25 and aligned 25 to be more compatible with lates when on same
version
--------------------------------------------------------------------------------
ChangeLog:
* Fri Sep 26 2025 Jiri Vanek <[email protected]> - 1:25.0.0.0.36-3
- Renamed the top level directoy to java-latest-openjdk
* Fri Sep 26 2025 Jiri Vanek <[email protected]> - 1:25.0.0.0.36-2
- Fixed bug with duplicated javadoc
* Tue Sep 23 2025 Jiri Vanek <[email protected]> - 1:25.0.0.0.36-1
- Moved to jdk 25 ga
* Wed Jul 30 2025 Jiri Vanek <[email protected]> - 1:24.0.2.0.12-6
- Revert "Rebuilt for
https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild";
* Wed Jul 30 2025 Jiri Vanek <[email protected]> - 1:24.0.2.0.12-5
- bumped release
* Wed Jul 30 2025 Yaakov Selkowitz <[email protected]> - 1:24.0.2.0.12-4
- Fix flatpak build of debuginfo
* Thu Jul 24 2025 Fedora Release Engineering <[email protected]> -
1:24.0.2.0.12-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
* Wed Jul 23 2025 Jiri Vanek <[email protected]> - 1:24.0.2.0.12-2
- riscv64 has libsleef.so
--------------------------------------------------------------------------------
================================================================================
perl-GooCanvas2-0.06-23.el10_0 (FEDORA-EPEL-2025-977ea5c160)
Perl binding for GooCanvas2 widget using Glib::Object::Introspection
--------------------------------------------------------------------------------
Update Information:
This update brings a new perl-GooCanvas2 package, a Perl binding to GooCanvas2
GTK widget.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Jul 25 2025 Fedora Release Engineering <[email protected]> -
0.06-23
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
* Sat Jan 18 2025 Fedora Release Engineering <[email protected]> -
0.06-22
- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild
* Fri Jul 19 2024 Fedora Release Engineering <[email protected]> -
0.06-21
- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
* Thu Jan 25 2024 Fedora Release Engineering <[email protected]> -
0.06-20
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Sun Jan 21 2024 Fedora Release Engineering <[email protected]> -
0.06-19
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2370003 - Add perl-GooCanvas2 to EPEL 10 and 10.0
https://bugzilla.redhat.com/show_bug.cgi?id=2370003
--------------------------------------------------------------------------------
================================================================================
perl-Gtk3-0.038-18.el10_0 (FEDORA-EPEL-2025-1daf7418ff)
Perl interface to the 3.x series of the GTK+ toolkit
--------------------------------------------------------------------------------
Update Information:
This update brings a new perl-Gtk3 package, a Perl binding to GTK3 library.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Jul 25 2025 Fedora Release Engineering <[email protected]> -
0.038-18
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
* Wed Jun 4 2025 Petr Pisar <[email protected]> - 0.038-17
- Run tests also against Wayland
* Mon May 12 2025 Petr Pisar <[email protected]> - 0.038-16
- Correct a list of build dependencies
* Sat Jan 18 2025 Fedora Release Engineering <[email protected]> -
0.038-15
- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild
* Thu Aug 8 2024 Petr Pisar <[email protected]> - 0.038-14
- gdk-pixbuf2-modules-extra is needed for the packaged tests (rhbz#2278602)
* Fri Jul 26 2024 Benjamin Gilbert <[email protected]> - 0.038-13
- BR gdk-pixbuf2-modules-extra on F41+ to fix XPM tests (rhbz#2278602)
* Fri Jul 19 2024 Fedora Release Engineering <[email protected]> -
0.038-12
- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
* Thu Jan 25 2024 Fedora Release Engineering <[email protected]> -
0.038-11
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Sun Jan 21 2024 Fedora Release Engineering <[email protected]> -
0.038-10
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2370008 - Add perl-Gtk3 to EPEL 10 and 10.0
https://bugzilla.redhat.com/show_bug.cgi?id=2370008
--------------------------------------------------------------------------------
================================================================================
ramalama-0.12.3-1.el10_0 (FEDORA-EPEL-2025-4af9d7d03d)
Command line tool for working with AI LLM models
--------------------------------------------------------------------------------
Update Information:
Automatic update for ramalama-0.12.3-1.el10_0.
Changelog for ramalama
* Sun Sep 28 2025 Packit <[email protected]> - 0.12.3-1
- Update to 0.12.3 upstream release
--------------------------------------------------------------------------------
ChangeLog:
* Sun Sep 28 2025 Packit <[email protected]> - 0.12.3-1
- Update to 0.12.3 upstream release
--------------------------------------------------------------------------------
================================================================================
rust-munge-0.4.7-1.el10_0 (FEDORA-EPEL-2025-da1b840072)
Macro for custom destructuring
--------------------------------------------------------------------------------
Update Information:
Update munge/munge_macro to 0.4.7. These releases contain trivial source-code
changes to support an upstream CI fix.
--------------------------------------------------------------------------------
ChangeLog:
* Mon Sep 29 2025 Benjamin A. Beasley <[email protected]> - 0.4.7-1
- Update to version 0.4.7; Fix RHBZ#2400134
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2400134 - rust-munge-0.4.7 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2400134
[ 2 ] Bug #2400135 - rust-munge_macro-0.4.7 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2400135
--------------------------------------------------------------------------------
================================================================================
rust-munge_macro-0.4.7-1.el10_0 (FEDORA-EPEL-2025-da1b840072)
Macro for custom destructuring
--------------------------------------------------------------------------------
Update Information:
Update munge/munge_macro to 0.4.7. These releases contain trivial source-code
changes to support an upstream CI fix.
--------------------------------------------------------------------------------
ChangeLog:
* Mon Sep 29 2025 Benjamin A. Beasley <[email protected]> - 0.4.7-1
- Update to version 0.4.7; Fix RHBZ#2400135
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2400134 - rust-munge-0.4.7 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2400134
[ 2 ] Bug #2400135 - rust-munge_macro-0.4.7 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2400135
--------------------------------------------------------------------------------
================================================================================
rust-rancor-0.1.1-1.el10_0 (FEDORA-EPEL-2025-023805c8d6)
Scalable and efficient error handling without type composition
--------------------------------------------------------------------------------
Update Information:
Update to version 0.1.1; Fixes RHBZ#2400154
This update contains only a trivial source change as part of an upstream CI fix.
--------------------------------------------------------------------------------
ChangeLog:
* Mon Sep 29 2025 Benjamin A. Beasley <[email protected]> - 0.1.1-1
- Update to version 0.1.1; Fixes RHBZ#2400154
* Fri Jul 25 2025 Fedora Release Engineering <[email protected]> -
0.1.0-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
* Tue May 13 2025 Benjamin A. Beasley <[email protected]> - 0.1.0-4
- Re-generate with rust2rpm 27
* Tue May 13 2025 Benjamin A. Beasley <[email protected]> - 0.1.0-3
- Remove no-longer-necessary .rpmlintrc file
* Sun Jan 19 2025 Fedora Release Engineering <[email protected]> -
0.1.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2400154 - rust-rancor-0.1.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2400154
--------------------------------------------------------------------------------
--
_______________________________________________
epel-devel mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/[email protected]
Do not reply to spam, report it:
https://pagure.io/fedora-infrastructure/new_issue
