The following Fedora EPEL 10.1 Security updates need testing:
Age URL
6 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2025-f8b4636e06
fcgi-2.4.7-1.el10_1
1 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2025-66b4d6f6bf
libwebsockets-4.3.7-2.el10_1
1 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2025-00dab21def
imhex-1.37.4-3.el10_1 lunasvg-3.5.0-1.el10_1
The following builds have been pushed to Fedora EPEL 10.1 updates-testing
apptainer-1.4.5-1.el10_1
tinyproxy-1.11.2-5.el10_1
vlc-3.0.22-1.el10_1
Details about builds:
================================================================================
apptainer-1.4.5-1.el10_1 (FEDORA-EPEL-2025-066c32c492)
Application and environment virtualization formerly known as Singularity
--------------------------------------------------------------------------------
Update Information:
Update to upstream 1.4.5, including a fix for CVE-2025-65105
--------------------------------------------------------------------------------
ChangeLog:
* Mon Dec 1 2025 Dave Dykstra <[email protected]> - 1.4.5
- Update to upstream 1.4.5
--------------------------------------------------------------------------------
================================================================================
tinyproxy-1.11.2-5.el10_1 (FEDORA-EPEL-2025-343fcf2075)
A small, efficient HTTP/SSL proxy daemon
--------------------------------------------------------------------------------
Update Information:
Add upstream patch to fix CVE-2025-63938.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Dec 2 2025 Carl George <[email protected]> - 1.11.2-5
- Add upstream patch to fix CVE-2025-63938
* Fri Jul 25 2025 Fedora Release Engineering <[email protected]> -
1.11.2-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
* Sun Jan 19 2025 Fedora Release Engineering <[email protected]> -
1.11.2-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2417326 - CVE-2025-63938 tinyproxy: Tinyproxy integer overflow
[epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2417326
--------------------------------------------------------------------------------
================================================================================
vlc-3.0.22-1.el10_1 (FEDORA-EPEL-2025-e2f46a3b61)
The cross-platform open-source multimedia framework, player and server
--------------------------------------------------------------------------------
Update Information:
Update to 3.0.22: https://code.videolan.org/videolan/vlc/-/tags/3.0.22
Disable decoding using libdca, libmpeg2 and liba52 by default in favor of
libavcodec
Added dmxmus plugin
Enable daala on EPEL 10.1+
--------------------------------------------------------------------------------
ChangeLog:
* Tue Dec 2 2025 Yaakov Selkowitz <[email protected]> - 1:3.0.22-1
- 3.0.22
* Tue Dec 2 2025 Yaakov Selkowitz <[email protected]> - 1:3.0.22~rc2-1
- 3.0.22-rc2
* Tue Dec 2 2025 Yaakov Selkowitz <[email protected]> - 1:3.0.22~rc1-1
- 3.0.22-rc1
* Tue Dec 2 2025 Yaakov Selkowitz <[email protected]> - 1:3.0.21-30
- Enable daala in EPEL 10
* Fri Nov 7 2025 Dominik 'Rathann' Mierzejewski <[email protected]> -
1:3.0.21-29
- correct postproc bcond to account for EPEL 11
* Thu Nov 6 2025 Dominik 'Rathann' Mierzejewski <[email protected]> -
1:3.0.21-28
- Fix build with FFmpeg 8
* Sun Nov 2 2025 Dominik 'Rathann' Mierzejewski <[email protected]> -
1:3.0.21-27
- Rebuilt for live555
* Tue Jul 29 2025 Yaakov Selkowitz <[email protected]> - 1:3.0.21-26
- Disable crystalhd
* Fri Jul 25 2025 Fedora Release Engineering <[email protected]> -
1:3.0.21-25
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2329415 - [abrt] vlc-cli: qt_useHarfbuzzNG(): vlc killed by SIGSEGV
https://bugzilla.redhat.com/show_bug.cgi?id=2329415
[ 2 ] Bug #2332833 - [abrt] vlc-cli: entry_is_free(): vlc killed by SIGSEGV
https://bugzilla.redhat.com/show_bug.cgi?id=2332833
[ 3 ] Bug #2337067 - [abrt] vlc-cli: __sigtimedwait(): vlc killed by SIGABRT
https://bugzilla.redhat.com/show_bug.cgi?id=2337067
[ 4 ] Bug #2349462 - [abrt] vlc-cli: vl_deint_filter_cleanup(): vlc killed by
SIGSEGV
https://bugzilla.redhat.com/show_bug.cgi?id=2349462
[ 5 ] Bug #2354336 - [abrt] vlc-cli: lll_mutex_lock_optimized(): vlc killed
by SIGSEGV
https://bugzilla.redhat.com/show_bug.cgi?id=2354336
[ 6 ] Bug #2354881 - [abrt] vlc-cli: eplX11CreateWindowSurface(): vlc killed
by SIGSEGV
https://bugzilla.redhat.com/show_bug.cgi?id=2354881
[ 7 ] Bug #2361495 - [abrt] vlc-cli: ___pthread_mutex_lock(): vlc killed by
SIGSEGV
https://bugzilla.redhat.com/show_bug.cgi?id=2361495
[ 8 ] Bug #2373257 - vlc loses audio output after getting into
"unrecoverable" desynchronization spiral
https://bugzilla.redhat.com/show_bug.cgi?id=2373257
[ 9 ] Bug #2374158 - [abrt] vlc-cli: svt_aom_blk_geom_mds(): vlc killed by
SIGSEGV
https://bugzilla.redhat.com/show_bug.cgi?id=2374158
[ 10 ] Bug #2375357 - [abrt] vlc-cli: json_getbyname(): vlc killed by SIGSEGV
https://bugzilla.redhat.com/show_bug.cgi?id=2375357
[ 11 ] Bug #2401906 - [abrt] vlc-cli:
std::__new_allocator<std::_List_node<TagLib::FileRef::FileTypeResolver const*>
>::allocate(): vlc killed by SIGSEGV
https://bugzilla.redhat.com/show_bug.cgi?id=2401906
[ 12 ] Bug #2414965 - vlc-3.0.22 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2414965
--------------------------------------------------------------------------------
--
_______________________________________________
epel-devel mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/[email protected]
Do not reply to spam, report it:
https://pagure.io/fedora-infrastructure/new_issue
