The following Fedora EPEL 9 Security updates need testing:
Age URL
3 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2025-400842a607
chromium-142.0.7444.162-1.el9
1 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2025-f63e98e319
jfrog-cli-2.78.3-2.el9
The following builds have been pushed to Fedora EPEL 9 updates-testing
gdl-1.0.6-3.el9
ncl-6.6.2-59.el9
partclone-0.3.39-1.el9
pbuilder-0.231.1-4.el9
rust-fern-0.7.1-4.el9
rust-pastel-0.11.0-1.el9
rust-rand_xoshiro-0.7.0-1.el9
rust-rand_xoshiro0.6-0.6.0-1.el9
rust-unit-prefix-0.5.2-1.el9
tor-0.4.8.21-1.el9
xpdf-4.06-1.el9
Details about builds:
================================================================================
gdl-1.0.6-3.el9 (FEDORA-EPEL-2025-cf664c9e88)
GNU Data Language
--------------------------------------------------------------------------------
Update Information:
Rebuild for proj 9.6
--------------------------------------------------------------------------------
ChangeLog:
* Wed Nov 19 2025 Orion Poplawski <[email protected]> - 1.0.6-3
- Rebuild with proj 9.6
* Tue Jun 24 2025 Orion Poplawski <[email protected]> - 1.0.6-2
- Rebuild for proj 9
* Thu May 23 2024 Orion Poplawski <[email protected]> - 1.0.6-1
- Update to 1.0.6
--------------------------------------------------------------------------------
================================================================================
ncl-6.6.2-59.el9 (FEDORA-EPEL-2025-5f7bf320d0)
NCAR Command Language and NCAR Graphics
--------------------------------------------------------------------------------
Update Information:
Rebuild for proj 9.6 / gdal 3.10
--------------------------------------------------------------------------------
ChangeLog:
* Fri Aug 1 2025 Orion Poplawski <[email protected]> - 6.6.2-58
- Fails to build on ppc64le and we do not care, so drop it (rhbz#2385206)
* Tue Jul 29 2025 Sandro Mani <[email protected]> - 6.6.2-52
- Rebuild (gdal)
* Thu Jul 24 2025 Fedora Release Engineering <[email protected]> -
6.6.2-51
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
* Sun Feb 2 2025 Orion Poplawski <[email protected]> - 6.6.2-50
- Rebuild with gsl 2.8
* Fri Jan 24 2025 Orion Poplawski <[email protected]> - 6.6.2-49
- Add patch to fix build with gcc 15 (FTBFS rhbz#2340908)
* Fri Jan 17 2025 Fedora Release Engineering <[email protected]> -
6.6.2-48
- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild
* Fri Nov 8 2024 Sandro Mani <[email protected]> - 6.6.2-47
- Rebuild (gdal)
* Fri Oct 25 2024 Orion Poplawski <[email protected]> - 6.6.2-46
- Rebuild for hdf5 1.14.5
* Wed Oct 2 2024 Orion Poplawski <[email protected]> - 6.6.2-45
- Add patch to fix build with hdf 4.3
* Mon Sep 2 2024 Miroslav Suchý <[email protected]> - 6.6.2-44
- convert license to SPDX
* Thu Jul 18 2024 Fedora Release Engineering <[email protected]> -
6.6.2-43
- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
* Mon May 13 2024 Sandro Mani <[email protected]> - 6.6.2-42
- Rebuild (gdal)
* Thu Jan 25 2024 Fedora Release Engineering <[email protected]> -
6.6.2-41
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Sun Jan 21 2024 Fedora Release Engineering <[email protected]> -
6.6.2-40
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Tue Nov 28 2023 Orion Poplawski <[email protected]> - 6.6.2-39
- Rebuild for jasper 4.1
* Wed Nov 15 2023 Sandro Mani <[email protected]> - 6.6.2-38
- Rebuild (gdal)
* Tue Aug 29 2023 Florian Weimer <[email protected]> - 6.6.2-37
- Set build_type_safety_c to 0 (#2145150)
--------------------------------------------------------------------------------
================================================================================
partclone-0.3.39-1.el9 (FEDORA-EPEL-2025-abdc0831c7)
Utility to clone and restore a partition
--------------------------------------------------------------------------------
Update Information:
partclone v0.3.39
Add xxhash support
The BITS_TO_BYTES macro in src/bitmap.h doesn't handle integer overflow creating
vulnerability
Adds validation to prevent a divide-by-zero crash
Integrate optional Intel ISA-L for optimized CRC32 checksums
Fix heap buffer overflow when cloning ext4 bigalloc filesystems
--------------------------------------------------------------------------------
ChangeLog:
* Wed Nov 19 2025 Robert Scheck <[email protected]> 0.3.39-1
- Upgrade to 0.3.39 (#2414327)
* Tue Nov 4 2025 Tom Callaway <[email protected]> - 0.3.38-2
- rebuild for new fuse3
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2414327 - partclone-0.3.39 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2414327
--------------------------------------------------------------------------------
================================================================================
pbuilder-0.231.1-4.el9 (FEDORA-EPEL-2025-d97ff0dc39)
Personal package builder for Debian packages
--------------------------------------------------------------------------------
Update Information:
Disable shebangs mangling of pdebuild-internal
--------------------------------------------------------------------------------
ChangeLog:
* Mon Nov 17 2025 Javier Hernández <[email protected]> - 0.231.1-4
- Disable shebang mangling of pdebuild-internal (rhbz#2414355)
--------------------------------------------------------------------------------
================================================================================
rust-fern-0.7.1-4.el9 (FEDORA-EPEL-2025-719a425d55)
Simple, efficient logging
--------------------------------------------------------------------------------
Update Information:
Enable support features for v6 of the syslog crate.
--------------------------------------------------------------------------------
ChangeLog:
* Mon Nov 10 2025 Mat Booth <[email protected]> - 0.7.1-4
- Add features for the version of rust-syslog in Fedora
* Fri Jul 25 2025 Fedora Release Engineering <[email protected]> -
0.7.1-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
* Sun Jan 19 2025 Fedora Release Engineering <[email protected]> -
0.7.1-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
rust-pastel-0.11.0-1.el9 (FEDORA-EPEL-2025-e215da39d0)
Command-line tool to generate, analyze, convert and manipulate colors
--------------------------------------------------------------------------------
Update Information:
rust-pastel 0.11.0
Initial package
rand_xoshiro 0.7.0 - 2025-01-27
Bump the MSRV to 1.63 (#58)
Update to rand_core v0.9.0 (#58)
Rename feature serde1 to serde (#58)
Add Xoshiro128Plus::long_jump
Add examples for initializing the RNGs
Speed up from_seed implementation for 128-bit seeds
Fix a few typos in the docs
Supply a rust-rand_xoshiro0.6 compat package.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Nov 18 2025 Benjamin A. Beasley <[email protected]> - 0.11.0-1
- Initial package (close RHBZ#2415245)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2342273 - rust-rand_xoshiro-0.7.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2342273
[ 2 ] Bug #2415245 - Review Request: rust-pastel - Command-line tool to
generate, analyze, convert and manipulate colors
https://bugzilla.redhat.com/show_bug.cgi?id=2415245
--------------------------------------------------------------------------------
================================================================================
rust-rand_xoshiro-0.7.0-1.el9 (FEDORA-EPEL-2025-e215da39d0)
Xoshiro, xoroshiro and splitmix64 random number generators
--------------------------------------------------------------------------------
Update Information:
rust-pastel 0.11.0
Initial package
rand_xoshiro 0.7.0 - 2025-01-27
Bump the MSRV to 1.63 (#58)
Update to rand_core v0.9.0 (#58)
Rename feature serde1 to serde (#58)
Add Xoshiro128Plus::long_jump
Add examples for initializing the RNGs
Speed up from_seed implementation for 128-bit seeds
Fix a few typos in the docs
Supply a rust-rand_xoshiro0.6 compat package.
--------------------------------------------------------------------------------
ChangeLog:
* Mon Nov 10 2025 Benjamin A. Beasley <[email protected]> - 0.7.0-1
- Update to version 0.7.0; Fixes RHBZ#2342273
* Fri Jul 25 2025 Fedora Release Engineering <[email protected]> -
0.6.0-10
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
* Sun Jan 19 2025 Fedora Release Engineering <[email protected]> -
0.6.0-9
- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild
* Sat Jul 20 2024 Fedora Release Engineering <[email protected]> -
0.6.0-8
- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
* Fri Jan 26 2024 Fedora Release Engineering <[email protected]> -
0.6.0-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2342273 - rust-rand_xoshiro-0.7.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2342273
[ 2 ] Bug #2415245 - Review Request: rust-pastel - Command-line tool to
generate, analyze, convert and manipulate colors
https://bugzilla.redhat.com/show_bug.cgi?id=2415245
--------------------------------------------------------------------------------
================================================================================
rust-rand_xoshiro0.6-0.6.0-1.el9 (FEDORA-EPEL-2025-e215da39d0)
Xoshiro, xoroshiro and splitmix64 random number generators
--------------------------------------------------------------------------------
Update Information:
rust-pastel 0.11.0
Initial package
rand_xoshiro 0.7.0 - 2025-01-27
Bump the MSRV to 1.63 (#58)
Update to rand_core v0.9.0 (#58)
Rename feature serde1 to serde (#58)
Add Xoshiro128Plus::long_jump
Add examples for initializing the RNGs
Speed up from_seed implementation for 128-bit seeds
Fix a few typos in the docs
Supply a rust-rand_xoshiro0.6 compat package.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Nov 14 2025 Benjamin A. Beasley <[email protected]> - 0.6.0-1
- Initial compat package
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2342273 - rust-rand_xoshiro-0.7.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2342273
[ 2 ] Bug #2415245 - Review Request: rust-pastel - Command-line tool to
generate, analyze, convert and manipulate colors
https://bugzilla.redhat.com/show_bug.cgi?id=2415245
--------------------------------------------------------------------------------
================================================================================
rust-unit-prefix-0.5.2-1.el9 (FEDORA-EPEL-2025-1c68d62719)
Format numbers with metric and binary unit prefixes
--------------------------------------------------------------------------------
Update Information:
Update to 0.5.2; the repository URL is updated in the Cargo metadata.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Nov 19 2025 Benjamin A. Beasley <[email protected]> - 0.5.2-1
- Update to 0.5.2; Fixes RHBZ#2415303
* Fri Jul 25 2025 Fedora Release Engineering <[email protected]> -
0.5.1-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2415303 - rust-unit-prefix-0.5.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2415303
--------------------------------------------------------------------------------
================================================================================
tor-0.4.8.21-1.el9 (FEDORA-EPEL-2025-c2f0b05145)
Anonymizing overlay network for TCP
--------------------------------------------------------------------------------
Update Information:
Update to latest upstream release https://forum.torproject.org/t/stable-
release-0-4-8-21/20817
--------------------------------------------------------------------------------
ChangeLog:
* Wed Nov 19 2025 Marcel Härry <[email protected]>- 0.4.8.21-1
- Update to latest upstream release
https://forum.torproject.org/t/stable-release-0-4-8-21/20817
* Wed Nov 19 2025 Marcel Härry <[email protected]>- 0.4.8.20-1
- Update to latest upstream release
https://forum.torproject.org/t/stable-release-0-4-8-19/20781
* Fri Oct 17 2025 Marcel Härry <[email protected]>- 0.4.8.19-1
- Update to latest upstream release
https://forum.torproject.org/t/stable-release-0-4-8-19/20648
* Fri Jul 25 2025 Fedora Release Engineering <[email protected]> -
0.4.8.17-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
* Sun Jul 13 2025 Marcel Härry <[email protected]> - 0.4.8.17-2
- Enable drop-in configuration by default bz#2338912
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2415852 - current latest version is obsolete
https://bugzilla.redhat.com/show_bug.cgi?id=2415852
--------------------------------------------------------------------------------
================================================================================
xpdf-4.06-1.el9 (FEDORA-EPEL-2025-9a55de96db)
A PDF file viewer for the X Window System
--------------------------------------------------------------------------------
Update Information:
Update to 4.06. Lots of bugfixes, but notably, security fixes for the following
CVEs:
CVE-2024-2971 CVE-2024-3247 CVE-2024-3248 CVE-2024-3900 CVE-2024-4141
CVE-2024-4568 CVE-2024-4976 CVE-2024-7866 CVE-2024-7867 CVE-2024-7868
CVE-2025-2574 CVE-2025-3154 CVE-2025-11896
--------------------------------------------------------------------------------
ChangeLog:
* Tue Nov 18 2025 Tom Callaway <[email protected]> - 1:4.06-1
- update to 4.06
* Thu Jul 31 2025 Tom Callaway <[email protected]> - 1:4.05-8
- passing -DCMAKE_POLICY_VERSION_MINIMUM=3.5 to fix FTBFS with CMake4
(bz2381643)
* Fri Jul 25 2025 Fedora Release Engineering <[email protected]> -
1:4.05-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
* Sun Jan 19 2025 Fedora Release Engineering <[email protected]> -
1:4.05-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild
* Sat Jul 20 2024 Fedora Release Engineering <[email protected]> -
1:4.05-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
* Wed May 29 2024 Tom Callaway <[email protected]> - 4.05-4
- apply fix for CVE-2024-4141, thanks to Petr Gajdos and Derek Noonburg
* Fri Apr 5 2024 Peter Lemenkov <[email protected]> - 4.05-3
- Verify GPG signature
* Thu Feb 29 2024 Tom Callaway <[email protected]> - 4.05-2
- update langpacks
* Tue Feb 27 2024 Than Ngo <[email protected]> - 4.05-1
- fixed bz#2263444, update to 4.05
* Sat Jan 27 2024 Fedora Release Engineering <[email protected]> -
1:4.04-11
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2271912 - CVE-2024-2971 xpdf: negative object number in an
indirect reference in a PDF file can cause an out-of-bounds array write
[epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2271912
[ 2 ] Bug #2272852 - CVE-2024-3247 xpdf: stack-overflow in pdftotext
[epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2272852
[ 3 ] Bug #2272855 - CVE-2024-3248 xpdf: stack overflow via pdftpng [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2272855
[ 4 ] Bug #2275828 - CVE-2024-3900 xpdf: out-of-bounds array write [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2275828
[ 5 ] Bug #2277031 - CVE-2024-4141 xpdf: Out-of-bounds array write [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2277031
[ 6 ] Bug #2279472 - CVE-2024-4568 xpdf: loop in the PDF resources leads to
infinite recursion [epel-8]
https://bugzilla.redhat.com/show_bug.cgi?id=2279472
[ 7 ] Bug #2280761 - CVE-2024-4976 xpdf: Out-of-bounds array write due to
missing object type check [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2280761
[ 8 ] Bug #2305299 - CVE-2024-7868 xpdf: invalid header info in a DCT (JPEG)
stream can lead to an uninitialized variable in the DCT decoder [epel-8]
https://bugzilla.redhat.com/show_bug.cgi?id=2305299
[ 9 ] Bug #2305300 - CVE-2024-7867 xpdf: integer overflow and divide-by-zero
due to very large coordinates in a page box [epel-8]
https://bugzilla.redhat.com/show_bug.cgi?id=2305300
[ 10 ] Bug #2305305 - CVE-2024-7866 xpdf: infinite recursion and a stack
overflow due to PDF object loop in a pattern resource [epel-8]
https://bugzilla.redhat.com/show_bug.cgi?id=2305305
[ 11 ] Bug #2354012 - CVE-2025-2574 xpdf: Out-of-bounds array write in Xpdf
4.05 due to incorrect integer overflow checking [epel-8]
https://bugzilla.redhat.com/show_bug.cgi?id=2354012
[ 12 ] Bug #2357054 - CVE-2025-3154 xpdf: Out-of-bounds array write due to
invalid VerticesPerRow in Xpdf 4.05 [epel-8]
https://bugzilla.redhat.com/show_bug.cgi?id=2357054
--------------------------------------------------------------------------------
--
_______________________________________________
epel-devel mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/[email protected]
Do not reply to spam, report it:
https://pagure.io/fedora-infrastructure/new_issue
