The following Fedora EPEL 8 Security updates need testing:
Age URL
12 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2025-5b2095e2c2
xpdf-4.06-1.el8
6 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2025-0739431e45
openbao-2.4.4-1.el8
5 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2025-e1a26dce63
stb-0-0.55.20251025gitf1c79c0.el8
5 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2025-1099c414ec
fcgi-2.4.7-1.el8
The following builds have been pushed to Fedora EPEL 8 updates-testing
baresip-4.3.0-1.el8
libre-4.3.0-1.el8
partclone-0.3.40-1.el8
suricata-7.0.13-1.el8
Details about builds:
================================================================================
baresip-4.3.0-1.el8 (FEDORA-EPEL-2025-c5ffd6e5c1)
Modular SIP user-agent with audio and video support
--------------------------------------------------------------------------------
Update Information:
Baresip v4.3.0 (2025-11-19)
video: find new encoder if not available
video: null pointer checks for codec functions
test/ccheck: ignore reversed list_unlink
g722: add libg722 module as alternative to avoid spandsp dependency
pulse: return err if unsupported stream
jbuf: update copyright
jbuf: remove unused jbuf_frames() in API
rtprecv, aureceiver: fix ssrc re-invite
test: remove include to menu.h
play: warnings for failed audio devices
account: added account_set_pubint API function
Baresip v4.2.0 (2025-10-15)
menu: check return value from str_dup()
ctrl_dbus: check return value of str_dup()
core: set bundle rtpext before aulevel
ice: use icem_rcand_ready
mpa: move MPA audio codec to baresip-apps
webrtc_aecm: removed module
ci-windows: bump choco openssl version to 3.5.3
audiounit: remove unused member int fmt
audiounit: remove int ch already present in struct ausrc_prm
call,bevent: add call contacturi
test/ua: add test_ua_cuser
ua: rename setting to sip_cuser_random
menu: fix some typos
call: send local SDP event not too early
call: call_modify() - local SDP event before SDP encode
test: add test_uag_find_msg()
video: better sendrate and burst_bits defaults
webrtc_aec: update module to Debian Trixie compatibility
call: add missing input argument checking (struct call pointer)
ci,windows: bump Choco to OpenSSL version 3.5.4
modules: fix minor typos
config: remove mpa module from template
avfilter: fix av_opt_set_int_list deprecation warning
ci/macos: use default ffmpeg (currently 8.0)
cmake: fix usage of SPANDSP_HINTS
ci/coverage: increase min. coverage
bump version number to 4.2.0
libre v4.3.0 (2025-11-19)
cmake: remove macOS include path
test: sort testcases in alphabetical order
test: increase coverage of websock test with protocol on/off
sdp/media: fix sdp_media_align_formats pt handling
dns: fix AAAA address comparison in getaddr_dup()
test: add support for IPv6 DNS testing
ci: add clang-21
sys/fs: improve fs_fread error handling
test: compare DNS RR records data in order to increase test-coverage
dns: correct comment in dnsc_query_srv()
h265: Fix NAL Decode nuh_layer_id
auframe: avoid auframe_bytes_to_ms division by zero
aumix: add aumix_latency and new defaults
dns: remove get_android_dns()
test: add testing of DNS nameservers
cmake/re-config: fix HAVE_THREADS discovery
libre v4.2.0 (2025-10-15)
test: add testcode for btrace module
types: add ETIME fallback
test: add testing of conf_get_bool()
test/btrace: skip thread test
Revert "dtls: remove dtls_set_handlers() -- unused"
ice/icem: add icem_rcand_ready helper
ice/sdp: remove mDNS AI_V4MAPPED and log late candidate
tls: minor improvements to SNI and Common-name comparison
tls: revert wrong match-checking in SNI function
ci-windows: bump choco openssl version to 3.5.3
tls: sni - a null pointer check
test: fix some minor typos
dbg: remove dbg_close() -- unused
ci,windows: bump choco openssl to 3.5.4
misc: fix some minor typos
test: test both fragmented and non-fragmented H.265 packets
test: add negative AES testcases
test: add test for conf_apply()
ci/android: Upgrade to API-level 29 (Android 10.0)
ci/android: remove AVD cache
ci/android: revert to android api level 26
bump version number to 4.2.0
--------------------------------------------------------------------------------
ChangeLog:
* Sat Nov 29 2025 Robert Scheck <[email protected]> 4.3.0-1
- Upgrade to 4.3.0 (#2404130)
* Tue Nov 11 2025 Adam Williamson <[email protected]> - 4.1.0-3
- rebuild against libre with fixed thread detection
* Mon Nov 10 2025 Adam Williamson <[email protected]> - 4.1.0-2
- rebuild for FFmpeg 8
- build with -DHAVE_THREADS=1 to fix build failure with recent glibc
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2404092 - libre-4.3.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2404092
[ 2 ] Bug #2404130 - baresip-4.3.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2404130
--------------------------------------------------------------------------------
================================================================================
libre-4.3.0-1.el8 (FEDORA-EPEL-2025-c5ffd6e5c1)
Generic library for real-time communications
--------------------------------------------------------------------------------
Update Information:
Baresip v4.3.0 (2025-11-19)
video: find new encoder if not available
video: null pointer checks for codec functions
test/ccheck: ignore reversed list_unlink
g722: add libg722 module as alternative to avoid spandsp dependency
pulse: return err if unsupported stream
jbuf: update copyright
jbuf: remove unused jbuf_frames() in API
rtprecv, aureceiver: fix ssrc re-invite
test: remove include to menu.h
play: warnings for failed audio devices
account: added account_set_pubint API function
Baresip v4.2.0 (2025-10-15)
menu: check return value from str_dup()
ctrl_dbus: check return value of str_dup()
core: set bundle rtpext before aulevel
ice: use icem_rcand_ready
mpa: move MPA audio codec to baresip-apps
webrtc_aecm: removed module
ci-windows: bump choco openssl version to 3.5.3
audiounit: remove unused member int fmt
audiounit: remove int ch already present in struct ausrc_prm
call,bevent: add call contacturi
test/ua: add test_ua_cuser
ua: rename setting to sip_cuser_random
menu: fix some typos
call: send local SDP event not too early
call: call_modify() - local SDP event before SDP encode
test: add test_uag_find_msg()
video: better sendrate and burst_bits defaults
webrtc_aec: update module to Debian Trixie compatibility
call: add missing input argument checking (struct call pointer)
ci,windows: bump Choco to OpenSSL version 3.5.4
modules: fix minor typos
config: remove mpa module from template
avfilter: fix av_opt_set_int_list deprecation warning
ci/macos: use default ffmpeg (currently 8.0)
cmake: fix usage of SPANDSP_HINTS
ci/coverage: increase min. coverage
bump version number to 4.2.0
libre v4.3.0 (2025-11-19)
cmake: remove macOS include path
test: sort testcases in alphabetical order
test: increase coverage of websock test with protocol on/off
sdp/media: fix sdp_media_align_formats pt handling
dns: fix AAAA address comparison in getaddr_dup()
test: add support for IPv6 DNS testing
ci: add clang-21
sys/fs: improve fs_fread error handling
test: compare DNS RR records data in order to increase test-coverage
dns: correct comment in dnsc_query_srv()
h265: Fix NAL Decode nuh_layer_id
auframe: avoid auframe_bytes_to_ms division by zero
aumix: add aumix_latency and new defaults
dns: remove get_android_dns()
test: add testing of DNS nameservers
cmake/re-config: fix HAVE_THREADS discovery
libre v4.2.0 (2025-10-15)
test: add testcode for btrace module
types: add ETIME fallback
test: add testing of conf_get_bool()
test/btrace: skip thread test
Revert "dtls: remove dtls_set_handlers() -- unused"
ice/icem: add icem_rcand_ready helper
ice/sdp: remove mDNS AI_V4MAPPED and log late candidate
tls: minor improvements to SNI and Common-name comparison
tls: revert wrong match-checking in SNI function
ci-windows: bump choco openssl version to 3.5.3
tls: sni - a null pointer check
test: fix some minor typos
dbg: remove dbg_close() -- unused
ci,windows: bump choco openssl to 3.5.4
misc: fix some minor typos
test: test both fragmented and non-fragmented H.265 packets
test: add negative AES testcases
test: add test for conf_apply()
ci/android: Upgrade to API-level 29 (Android 10.0)
ci/android: remove AVD cache
ci/android: revert to android api level 26
bump version number to 4.2.0
--------------------------------------------------------------------------------
ChangeLog:
* Sat Nov 29 2025 Robert Scheck <[email protected]> 4.3.0-1
- Upgrade to 4.3.0 (#2404092)
* Tue Nov 11 2025 Adam Williamson <[email protected]> - 4.1.0-2
- Backport PR #1466 to fix threading detection
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2404092 - libre-4.3.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2404092
[ 2 ] Bug #2404130 - baresip-4.3.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2404130
--------------------------------------------------------------------------------
================================================================================
partclone-0.3.40-1.el8 (FEDORA-EPEL-2025-b39f2688ee)
Utility to clone and restore a partition
--------------------------------------------------------------------------------
Update Information:
partclone v0.3.40
xfsclone: prevent startblock truncation to support filesystems larger than 16 TB
Localization: Updated PO files, removed \r escape sequences from gettext
messages
Documentation: Updated logs, docs, and formatting
Miscellaneous: Minor test updates, merges, and configure.ac changes
--------------------------------------------------------------------------------
ChangeLog:
* Sat Nov 29 2025 Robert Scheck <[email protected]> 0.3.40-1
- Upgrade to 0.3.40 (#2416946)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2416946 - partclone-0.3.40 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2416946
--------------------------------------------------------------------------------
================================================================================
suricata-7.0.13-1.el8 (FEDORA-EPEL-2025-f1e00653f9)
Intrusion Detection System
--------------------------------------------------------------------------------
Update Information:
Upstream security and bugfix release
--------------------------------------------------------------------------------
ChangeLog:
* Sun Nov 30 2025 Jason Taylor <[email protected]> 7.0.13-1
- Upstream bugfix/security release
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2382738 - CVE-2025-53538 suricata: Suricata resource starvation
[epel-8]
https://bugzilla.redhat.com/show_bug.cgi?id=2382738
[ 2 ] Bug #2400921 - CVE-2025-59148 suricata: Suricata NULL pointer
dereference [epel-8]
https://bugzilla.redhat.com/show_bug.cgi?id=2400921
[ 3 ] Bug #2400925 - CVE-2025-59147 suricata: Suricata is Vulnerable to
Detection Bypass via Crafted Multiple SYN Packets [epel-8]
https://bugzilla.redhat.com/show_bug.cgi?id=2400925
[ 4 ] Bug #2401755 - CVE-2025-59150 suricata: Suricata: Keyword
tls.subjectaltname can lead to NULL-ptr deref [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2401755
[ 5 ] Bug #2417513 - CVE-2025-64330 suricata: Suricata: Single byte read heap
overflow leads to denial of service [epel-8]
https://bugzilla.redhat.com/show_bug.cgi?id=2417513
--------------------------------------------------------------------------------
--
_______________________________________________
epel-devel mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/[email protected]
Do not reply to spam, report it:
https://pagure.io/fedora-infrastructure/new_issue
