The following Fedora EPEL 9 Security updates need testing:
Age URL
14 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2025-9a55de96db
xpdf-4.06-1.el9
6 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2025-16dc0220ef
fcgi-2.4.7-1.el9
1 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2025-02dd502cb2
libwebsockets-4.3.7-2.el9
1 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2025-fbab8bc83a
suricata-7.0.13-1.el9
1 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2025-51d4080725
imhex-1.37.4-3.el9 lunasvg-3.5.0-1.el9
0 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2025-7b2f9fd08b
tinyproxy-1.11.2-5.el9
0 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2025-ea025c55af
apptainer-1.4.5-1.el9
The following builds have been pushed to Fedora EPEL 9 updates-testing
fldigi-4.2.10-1.el9
nordugrid-arc-nagios-plugins-3.2.3-2.el9
rust-lzma-rust2-0.15.3-1.el9
singularity-ce-4.3.5-1.el9
vsomeip3-3.5.11-3.el9
wordpress-6.9-1.el9
yarnpkg-1.22.22-14.el9
Details about builds:
================================================================================
fldigi-4.2.10-1.el9 (FEDORA-EPEL-2025-f840644350)
Digital modem program for Linux
--------------------------------------------------------------------------------
Update Information:
Maintenance release. screen scale
. screen number
. Control Positions
. Deprecate DIAMOND box
. flrig FSK parameters
. LMDE-7 compiler
. disappearing rx pane
. Blinking RTTY mark track
. FSK with flrig
. Add gpiod support
. Mxe compatability
. fsq sounder
. cw/wfall-only
. Regex Search
--------------------------------------------------------------------------------
ChangeLog:
* Wed Dec 3 2025 Richard Shaw <[email protected]> - 4.2.10-1
- Update to 4.2.10.
* Mon Oct 27 2025 Richard Shaw <[email protected]> - 4.2.09-1
- Update to 4.2.09.
* Wed Jul 23 2025 Fedora Release Engineering <[email protected]> -
4.2.06-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
* Thu Feb 6 2025 Richard Shaw <[email protected]> - 4.2.06-4
- Rebuild for hamlib 4.6.
* Thu Jan 16 2025 Fedora Release Engineering <[email protected]> -
4.2.06-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild
* Tue Dec 31 2024 Richard Shaw <[email protected]> - 4.2.06-2
- Rebuild for Hamlib 4.6.
* Fri Oct 11 2024 Richard Shaw <[email protected]> - 4.2.06-1
- Update to 4.2.06.
* Wed Jul 17 2024 Fedora Release Engineering <[email protected]> -
4.2.04-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
* Wed Jan 24 2024 Fedora Release Engineering <[email protected]> -
4.2.04-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Fri Jan 19 2024 Fedora Release Engineering <[email protected]> -
4.2.04-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2402715 - fldigi-4.2.10 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402715
--------------------------------------------------------------------------------
================================================================================
nordugrid-arc-nagios-plugins-3.2.3-2.el9 (FEDORA-EPEL-2025-350fb5fd5a)
Nagios plugins for ARC
--------------------------------------------------------------------------------
Update Information:
Add dependecy on nordugrid-arc-plugins-gridftp to EGI configuration
--------------------------------------------------------------------------------
ChangeLog:
* Wed Dec 3 2025 Mattias Ellert <[email protected]> - 3.2.3-2
- Add dependecy on nordugrid-arc-plugins-gridftp to EGI configuration
--------------------------------------------------------------------------------
================================================================================
rust-lzma-rust2-0.15.3-1.el9 (FEDORA-EPEL-2025-8d0c7bf5dc)
LZMA / LZMA2 / LZIP / XZ compression ported from 'tukaani xz for java'
--------------------------------------------------------------------------------
Update Information:
Initial package for rust-lzma-rust2.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Dec 3 2025 Benjamin A. Beasley <[email protected]> - 0.15.3-1
- Update to 0.15.3
* Wed Dec 3 2025 Benjamin A. Beasley <[email protected]> - 0.15.2-2
- Update deprecated syntax in rust2rpm.toml
* Wed Dec 3 2025 Benjamin A. Beasley <[email protected]> - 0.15.2-1
- Initial package (close RHBZ#2418485)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2418485 - Review Request: rust-lzma-rust2 - LZMA / LZMA2 / LZIP /
XZ compression ported from 'tukaani xz for java'
https://bugzilla.redhat.com/show_bug.cgi?id=2418485
--------------------------------------------------------------------------------
================================================================================
singularity-ce-4.3.5-1.el9 (FEDORA-EPEL-2025-a51b0db53c)
Application and environment virtualization
--------------------------------------------------------------------------------
Update Information:
Upgrade to 4.3.5 upstream version.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Dec 3 2025 David Trudgian <[email protected]> - 4.3.5-1
- Upgrade to 4.3.5 upstream version.
- Fixes CVE-2025-64750
--------------------------------------------------------------------------------
================================================================================
vsomeip3-3.5.11-3.el9 (FEDORA-EPEL-2025-ec6e56bab0)
COVESA implementation of SOME/IP protocol
--------------------------------------------------------------------------------
Update Information:
Update to 3.5.11 and rewrite the selinux policy from scratch
--------------------------------------------------------------------------------
ChangeLog:
* Wed Dec 3 2025 Stephen Smoogen <[email protected]> - 3.5.11-3
- Rewrite the selinux policy from scratch with sepolgen
- Remove the socket creation as systemd as vsomeip will not work with it.
* Mon Dec 1 2025 Stephen Smoogen <[email protected]> - 3.5.11-2
- Try to fix the selinux problem seen with CS10
- Try to fix problem with socket creation and systemd
* Mon Dec 1 2025 Stephen Smoogen <[email protected]> - 3.5.11-1
- Update to newest version of vsomeip3.
* Wed Aug 27 2025 Stephen Smoogen <[email protected]> - 3.5.7-2
- Remove i686 as it no longer builds and is not needed.
* Tue Aug 26 2025 Stephen Smoogen <[email protected]> - 3.5.7-1
- Update to 3.5.7
- Clean up patches to just two as others are now upstream
* Mon Mar 31 2025 Stephen Smoogen <[email protected]> - 3.5.5-2
- Updated 3.5.4 to 3.5.5.
- Try to make the Cmake pic vs pie patch upstreamable
* Mon Mar 17 2025 Stephen Smoogen <[email protected]> - 3.5.4-1
- Moved from 3.3.x to 3.5.x
- License has changed from MPLv2 AND Boost to MPLv2
- No longer need to carry the big-endian patch
- Needed to fix some entries which did not include cstdint
* Tue Feb 11 2025 Zbigniew JÄdrzejewski-Szmek <[email protected]> - 3.3.8-6
- Add sysusers.d config file to allow rpm to create users/groups automatically
* Sun Jan 19 2025 Fedora Release Engineering <[email protected]> -
3.3.8-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild
* Sat Jul 20 2024 Fedora Release Engineering <[email protected]> -
3.3.8-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
* Sat Jan 27 2024 Fedora Release Engineering <[email protected]> -
3.3.8-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Thu Jan 18 2024 Jonathan Wakely <[email protected]> - 3.3.8-2
- Rebuilt for Boost 1.83
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2389291 - vsomeip3-3.5.11 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2389291
[ 2 ] Bug #2417995 - vsomeip3 SELinux policy prevents container access to
/run/vsomeip/vsomeip-0 on AutoSD 10
https://bugzilla.redhat.com/show_bug.cgi?id=2417995
--------------------------------------------------------------------------------
================================================================================
wordpress-6.9-1.el9 (FEDORA-EPEL-2025-b869348e35)
Blog tool and publishing platform
--------------------------------------------------------------------------------
Update Information:
WordPress 6.9 âGeneâ
See the upstream announcement
--------------------------------------------------------------------------------
ChangeLog:
* Wed Dec 3 2025 Remi Collet <[email protected]> - 6.9-1
- WordPress 6.9 âGeneâ
--------------------------------------------------------------------------------
================================================================================
yarnpkg-1.22.22-14.el9 (FEDORA-EPEL-2025-49b2eb404d)
Fast, reliable, and secure dependency management.
--------------------------------------------------------------------------------
Update Information:
Fix CVE-2205-64756.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Dec 3 2025 Sandro Mani <[email protected]> - 1.22.22-14
- Bump release
* Wed Dec 3 2025 Sandro Mani <[email protected]> - 1.22.22-13
- Refresh bundle, fixes CVE-2025-64756
* Tue Sep 30 2025 Sandro Mani <[email protected]> - 1.22.22-12
- Regenerate bundle, fixes CVE-2025-59343
- Patch out eslint and commitizen devDependencies to reduce dependencies
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2418529 - CVE-2025-64756 yarnpkg: glob CLI: Command injection via
-c/--cmd executes matches with shell:true [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2418529
[ 2 ] Bug #2418532 - CVE-2025-64756 yarnpkg: glob CLI: Command injection via
-c/--cmd executes matches with shell:true [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2418532
[ 3 ] Bug #2418538 - CVE-2025-64756 yarnpkg: glob CLI: Command injection via
-c/--cmd executes matches with shell:true [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2418538
--------------------------------------------------------------------------------
--
_______________________________________________
epel-devel mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/[email protected]
Do not reply to spam, report it:
https://pagure.io/fedora-infrastructure/new_issue
