The following builds have been pushed to Fedora EPEL 8 updates-testing
partclone-0.3.39-1.el8
xpdf-4.06-1.el8
Details about builds:
================================================================================
partclone-0.3.39-1.el8 (FEDORA-EPEL-2025-08fce3bc12)
Utility to clone and restore a partition
--------------------------------------------------------------------------------
Update Information:
partclone v0.3.39
Add xxhash support
The BITS_TO_BYTES macro in src/bitmap.h doesn't handle integer overflow creating
vulnerability
Adds validation to prevent a divide-by-zero crash
Integrate optional Intel ISA-L for optimized CRC32 checksums
Fix heap buffer overflow when cloning ext4 bigalloc filesystems
--------------------------------------------------------------------------------
ChangeLog:
* Wed Nov 19 2025 Robert Scheck <[email protected]> 0.3.39-1
- Upgrade to 0.3.39 (#2414327)
* Tue Nov 4 2025 Tom Callaway <[email protected]> - 0.3.38-2
- rebuild for new fuse3
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2414327 - partclone-0.3.39 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2414327
--------------------------------------------------------------------------------
================================================================================
xpdf-4.06-1.el8 (FEDORA-EPEL-2025-5b2095e2c2)
A PDF file viewer for the X Window System
--------------------------------------------------------------------------------
Update Information:
Update to 4.06. Lots of bugfixes, but notably, security fixes for the following
CVEs:
CVE-2024-2971 CVE-2024-3247 CVE-2024-3248 CVE-2024-3900 CVE-2024-4141
CVE-2024-4568 CVE-2024-4976 CVE-2024-7866 CVE-2024-7867 CVE-2024-7868
CVE-2025-2574 CVE-2025-3154 CVE-2025-11896
--------------------------------------------------------------------------------
ChangeLog:
* Tue Nov 18 2025 Tom Callaway <[email protected]> - 1:4.06-1
- update to 4.06
* Thu Jul 31 2025 Tom Callaway <[email protected]> - 1:4.05-8
- passing -DCMAKE_POLICY_VERSION_MINIMUM=3.5 to fix FTBFS with CMake4
(bz2381643)
* Fri Jul 25 2025 Fedora Release Engineering <[email protected]> -
1:4.05-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
* Sun Jan 19 2025 Fedora Release Engineering <[email protected]> -
1:4.05-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild
* Sat Jul 20 2024 Fedora Release Engineering <[email protected]> -
1:4.05-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
* Wed May 29 2024 Tom Callaway <[email protected]> - 4.05-4
- apply fix for CVE-2024-4141, thanks to Petr Gajdos and Derek Noonburg
* Fri Apr 5 2024 Peter Lemenkov <[email protected]> - 4.05-3
- Verify GPG signature
* Thu Feb 29 2024 Tom Callaway <[email protected]> - 4.05-2
- update langpacks
* Tue Feb 27 2024 Than Ngo <[email protected]> - 4.05-1
- fixed bz#2263444, update to 4.05
* Sat Jan 27 2024 Fedora Release Engineering <[email protected]> -
1:4.04-11
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Sat Jul 22 2023 Fedora Release Engineering <[email protected]> -
1:4.04-10
- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
* Fri Jun 16 2023 Than Ngo <[email protected]> - 1:4.04-9
- added ELN/RHEL conditions
* Fri Apr 28 2023 Tom Callaway <[email protected]> 1:4.04-8
- move libs to -libs subpackage to minimize dep footprint of texlive-pdftex
(bz2188328)
* Tue Feb 21 2023 Than Ngo <[email protected]> - 4.04-7
- migrated to SPDX license
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2271912 - CVE-2024-2971 xpdf: negative object number in an
indirect reference in a PDF file can cause an out-of-bounds array write
[epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2271912
[ 2 ] Bug #2272852 - CVE-2024-3247 xpdf: stack-overflow in pdftotext
[epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2272852
[ 3 ] Bug #2272855 - CVE-2024-3248 xpdf: stack overflow via pdftpng [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2272855
[ 4 ] Bug #2275828 - CVE-2024-3900 xpdf: out-of-bounds array write [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2275828
[ 5 ] Bug #2277031 - CVE-2024-4141 xpdf: Out-of-bounds array write [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2277031
[ 6 ] Bug #2279472 - CVE-2024-4568 xpdf: loop in the PDF resources leads to
infinite recursion [epel-8]
https://bugzilla.redhat.com/show_bug.cgi?id=2279472
[ 7 ] Bug #2280761 - CVE-2024-4976 xpdf: Out-of-bounds array write due to
missing object type check [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2280761
[ 8 ] Bug #2305299 - CVE-2024-7868 xpdf: invalid header info in a DCT (JPEG)
stream can lead to an uninitialized variable in the DCT decoder [epel-8]
https://bugzilla.redhat.com/show_bug.cgi?id=2305299
[ 9 ] Bug #2305300 - CVE-2024-7867 xpdf: integer overflow and divide-by-zero
due to very large coordinates in a page box [epel-8]
https://bugzilla.redhat.com/show_bug.cgi?id=2305300
[ 10 ] Bug #2305305 - CVE-2024-7866 xpdf: infinite recursion and a stack
overflow due to PDF object loop in a pattern resource [epel-8]
https://bugzilla.redhat.com/show_bug.cgi?id=2305305
[ 11 ] Bug #2354012 - CVE-2025-2574 xpdf: Out-of-bounds array write in Xpdf
4.05 due to incorrect integer overflow checking [epel-8]
https://bugzilla.redhat.com/show_bug.cgi?id=2354012
[ 12 ] Bug #2357054 - CVE-2025-3154 xpdf: Out-of-bounds array write due to
invalid VerticesPerRow in Xpdf 4.05 [epel-8]
https://bugzilla.redhat.com/show_bug.cgi?id=2357054
--------------------------------------------------------------------------------
--
_______________________________________________
epel-devel mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/[email protected]
Do not reply to spam, report it:
https://pagure.io/fedora-infrastructure/new_issue
