[EPEL-devel] Fedora EPEL 9 updates-testing report

updates Sun, 30 Nov 2025 16:26:48 -0800

The following Fedora EPEL 9 Security updates need testing:
 Age  URL
  10  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2025-9a55de96db   
xpdf-4.06-1.el9
   5  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2025-6495526449   
restic-0.18.1-1.el9
   5  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2025-054eae36ef   
openbao-2.4.4-1.el9
   4  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2025-a91b94e5c1   
stb-0^20251025gitf1c79c0-2.el9
   3  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2025-16dc0220ef   
fcgi-2.4.7-1.el9



The following builds have been pushed to Fedora EPEL 9 updates-testing

    NetworkManager-l2tp-1.20.20-5.el9
    libwebsockets-4.3.7-1.el9
    rust-axum-server-0.7.3-1.el9

Details about builds:


================================================================================
 NetworkManager-l2tp-1.20.20-5.el9 (FEDORA-EPEL-2025-e66fcd3946)
 NetworkManager VPN plugin for L2TP and L2TP/IPsec
--------------------------------------------------------------------------------
Update Information:

Add README.Fedora for Fedora or README.EPEL for EPEL
--------------------------------------------------------------------------------
ChangeLog:

* Wed Nov 12 2025 Douglas Kosovic <[email protected]> - 1.20.20-5
- Add README.Fedora for Fedora or README.EPEL for EPEL
- Use (go-l2tp or xl2tpd) dependency for Fedora 43 to handle upgrades
  from earlier Fedora versions that had xl2tpd installed.
* Tue Aug 26 2025 Douglas Kosovic <[email protected]> - 1.20.20-4
- Fix orphaned xl2tpd dependency issue, switch to go-l2tp 
(rhbz#2390669,rhbz#2390688)
* Wed Jul 23 2025 Fedora Release Engineering <[email protected]> - 
1.20.20-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
* Thu Jan 16 2025 Fedora Release Engineering <[email protected]> - 
1.20.20-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild
--------------------------------------------------------------------------------


================================================================================
 libwebsockets-4.3.7-1.el9 (FEDORA-EPEL-2025-02dd502cb2)
 Lightweight C library for Websockets
--------------------------------------------------------------------------------
Update Information:

Update to 4.3.7
--------------------------------------------------------------------------------
ChangeLog:

* Sun Nov 30 2025 Peter Robinson <[email protected]> - 4.3.7-1
- Update to 4.3.7
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2405213 - CVE-2025-11679 libwebsockets: Out-of-bounds Read in 
libwebsockets PNG parsing [epel-10]
        https://bugzilla.redhat.com/show_bug.cgi?id=2405213
  [ 2 ] Bug #2405215 - CVE-2025-11679 libwebsockets: Out-of-bounds Read in 
libwebsockets PNG parsing [epel-9]
        https://bugzilla.redhat.com/show_bug.cgi?id=2405215
  [ 3 ] Bug #2405217 - CVE-2025-11679 libwebsockets: Out-of-bounds Read in 
libwebsockets PNG parsing [fedora-42]
        https://bugzilla.redhat.com/show_bug.cgi?id=2405217
  [ 4 ] Bug #2405247 - CVE-2025-11677 libwebsockets: Use After Free in 
libwebsockets WebSocket server [epel-10]
        https://bugzilla.redhat.com/show_bug.cgi?id=2405247
  [ 5 ] Bug #2405249 - CVE-2025-11677 libwebsockets: Use After Free in 
libwebsockets WebSocket server [epel-9]
        https://bugzilla.redhat.com/show_bug.cgi?id=2405249
  [ 6 ] Bug #2405251 - CVE-2025-11677 libwebsockets: Use After Free in 
libwebsockets WebSocket server [fedora-42]
        https://bugzilla.redhat.com/show_bug.cgi?id=2405251
  [ 7 ] Bug #2405258 - CVE-2025-11680 libwebsockets: Out-of-bounds Write in 
libwebsockets PNG parsing [epel-10]
        https://bugzilla.redhat.com/show_bug.cgi?id=2405258
  [ 8 ] Bug #2405260 - CVE-2025-11680 libwebsockets: Out-of-bounds Write in 
libwebsockets PNG parsing [epel-9]
        https://bugzilla.redhat.com/show_bug.cgi?id=2405260
  [ 9 ] Bug #2405262 - CVE-2025-11680 libwebsockets: Out-of-bounds Write in 
libwebsockets PNG parsing [fedora-42]
        https://bugzilla.redhat.com/show_bug.cgi?id=2405262
  [ 10 ] Bug #2405566 - CVE-2025-11678 libwebsockets: Stack-based Buffer 
Overflow in libwebsockets [epel-10]
        https://bugzilla.redhat.com/show_bug.cgi?id=2405566
  [ 11 ] Bug #2405569 - CVE-2025-11678 libwebsockets: Stack-based Buffer 
Overflow in libwebsockets [epel-9]
        https://bugzilla.redhat.com/show_bug.cgi?id=2405569
--------------------------------------------------------------------------------


================================================================================
 rust-axum-server-0.7.3-1.el9 (FEDORA-EPEL-2025-12984984e9)
 High level server designed to be used with axum framework
--------------------------------------------------------------------------------
Update Information:

Update to 0.7.3
--------------------------------------------------------------------------------
ChangeLog:

* Sun Nov 30 2025 Cristian Le <[email protected]> - 0.7.3-1
- Update to 0.7.3 (rhbz#2415121)
--------------------------------------------------------------------------------


-- 
_______________________________________________
epel-devel mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/[email protected]
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

[EPEL-devel] Fedora EPEL 9 updates-testing report

Reply via email to