The following Fedora EPEL 10.1 Security updates need testing:
Age URL
3 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2025-66b4d6f6bf
libwebsockets-4.3.7-2.el10_1
3 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2025-00dab21def
imhex-1.37.4-3.el10_1 lunasvg-3.5.0-1.el10_1
2 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2025-343fcf2075
tinyproxy-1.11.2-5.el10_1
1 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2025-e2803aecfe
singularity-ce-4.3.5-1.el10_1
The following builds have been pushed to Fedora EPEL 10.1 updates-testing
apptainer-1.4.5-2.el10_1
borgbackup-1.4.3-1.el10_1
webkitgtk-2.50.2-2.el10_1
Details about builds:
================================================================================
apptainer-1.4.5-2.el10_1 (FEDORA-EPEL-2025-8e02728fbe)
Application and environment virtualization formerly known as Singularity
--------------------------------------------------------------------------------
Update Information:
Apply fuse2fs patches that were accidentally empty
Update to upstream 1.4.5, including a fix for CVE-2025-65105
--------------------------------------------------------------------------------
ChangeLog:
* Tue Dec 2 2025 Dave Dykstra <[email protected]> - 1.4.5-2
- Include the real patches for e2fsprogs instead of empty files. Fixes
BZ#2417548.
* Mon Dec 1 2025 Dave Dykstra <[email protected]> - 1.4.5
- Update to upstream 1.4.5
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2417548 - overlay functionality seems broken in 1.4.4-1.el9
https://bugzilla.redhat.com/show_bug.cgi?id=2417548
--------------------------------------------------------------------------------
================================================================================
borgbackup-1.4.3-1.el10_1 (FEDORA-EPEL-2025-f9a515c2b6)
A deduplicating backup program with compression and authenticated encryption
--------------------------------------------------------------------------------
Update Information:
new upstream release with bug fixes
--------------------------------------------------------------------------------
ChangeLog:
* Wed Dec 3 2025 Felix Schwarz <[email protected]> - 1.4.3-1
- update to 1.4.3
--------------------------------------------------------------------------------
================================================================================
webkitgtk-2.50.2-2.el10_1 (FEDORA-EPEL-2025-7ff96bb97d)
GTK web content engine library
--------------------------------------------------------------------------------
Update Information:
Merge remote-tracking branch 'origin/f43' into epel10.1
--------------------------------------------------------------------------------
ChangeLog:
* Fri Nov 21 2025 Michael Catanzaro <[email protected]> - 2.50.2-1
- Update to 2.50.2
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2416358 - CVE-2023-43000 webkitgtk: Processing maliciously crafted
web content may lead to memory corruption [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2416358
[ 2 ] Bug #2416365 - CVE-2025-43392 webkitgtk: A website may exfiltrate image
data cross-origin [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2416365
[ 3 ] Bug #2416371 - CVE-2025-43419 webkitgtk: Processing maliciously crafted
web content may lead to memory corruption [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2416371
[ 4 ] Bug #2416377 - CVE-2025-43425 webkitgtk: Processing maliciously crafted
web content may lead to an unexpected process crash [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2416377
[ 5 ] Bug #2416383 - CVE-2025-43427 webkitgtk: Processing maliciously crafted
web content may lead to an unexpected process crash [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2416383
[ 6 ] Bug #2416390 - CVE-2025-43429 webkitgtk: Processing maliciously crafted
web content may lead to an unexpected process crash [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2416390
[ 7 ] Bug #2416403 - CVE-2025-43430 webkitgtk: Processing maliciously crafted
web content may lead to an unexpected process crash [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2416403
[ 8 ] Bug #2416409 - CVE-2025-43431 webkitgtk: Processing maliciously crafted
web content may lead to memory corruption [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2416409
[ 9 ] Bug #2416415 - CVE-2025-43432 webkitgtk: Processing maliciously crafted
web content may lead to an unexpected process crash [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2416415
[ 10 ] Bug #2416421 - CVE-2025-43434 webkitgtk: Processing maliciously
crafted web content may lead to an unexpected Safari crash [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2416421
[ 11 ] Bug #2416427 - CVE-2025-43440 webkitgtk: Processing maliciously
crafted web content may lead to an unexpected process crash [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2416427
[ 12 ] Bug #2416433 - CVE-2025-43443 webkitgtk: Processing maliciously
crafted web content may lead to an unexpected process crash [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2416433
[ 13 ] Bug #2416439 - CVE-2025-43480 webkitgtk: A malicious website may
exfiltrate data cross-origin [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2416439
--------------------------------------------------------------------------------
--
_______________________________________________
epel-devel mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/[email protected]
Do not reply to spam, report it:
https://pagure.io/fedora-infrastructure/new_issue
