The following Fedora EPEL 9 Security updates need testing:
Age URL
24 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2025-9a55de96db
xpdf-4.06-1.el9
6 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2025-c15a630034
python3.13-3.13.11-1.el9
3 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2025-f43c018f46
python-django4.2-4.2.27-1.el9
2 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2025-b479f3bb28
checkpointctl-1.4.1-1.el9
The following builds have been pushed to Fedora EPEL 9 updates-testing
chromium-143.0.7499.109-2.el9
libucontext-1.5-1.el9
python3.11-ldap-epel-3.4.5-1.el9
rust-rustls-pemfile-2.2.0-4.el9
Details about builds:
================================================================================
chromium-143.0.7499.109-2.el9 (FEDORA-EPEL-2025-69e9a501c7)
A WebKit (Blink) powered web browser that Google doesn't want you to use
--------------------------------------------------------------------------------
Update Information:
Update to 143.0.7499.109
* High: Under coordination
* Medium CVE-2025-14372: Use after free in Password Manager
* Medium CVE-2025-14373: Inappropriate implementation in Toolbar
--------------------------------------------------------------------------------
ChangeLog:
* Thu Dec 11 2025 Than Ngo <[email protected]> - 143.0.7499.109-2
- Enable gtk4 by default
* Thu Dec 11 2025 Than Ngo <[email protected]> - 143.0.7499.109-1
- Update to 143.0.7499.109
* High: Under coordination
* Medium CVE-2025-14372: Use after free in Password Manager
* Medium CVE-2025-14373: Inappropriate implementation in Toolbar
- Workaround problem of auto dark mode inverting images and making them
unreadable
* Tue Dec 9 2025 LuK1337 <[email protected]> - 143.0.7499.40-2
- Backport Wayland Omnibox bug fix from upstream
--------------------------------------------------------------------------------
================================================================================
libucontext-1.5-1.el9 (FEDORA-EPEL-2025-37bdabc6ce)
ucontext implementation featuring glibc-compatible ABI
--------------------------------------------------------------------------------
Update Information:
Initial packaging for Fedora
--------------------------------------------------------------------------------
ChangeLog:
* Sat Dec 13 2025 Neal Gompa <[email protected]> - 1.5-1
- Update to 1.5
* Tue Nov 18 2025 Neal Gompa <[email protected]> - 1.3.3-1
- Initial package
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2415553 - Review Request: libucontext - ucontext implementation
featuring glibc-compatible ABI
https://bugzilla.redhat.com/show_bug.cgi?id=2415553
--------------------------------------------------------------------------------
================================================================================
python3.11-ldap-epel-3.4.5-1.el9 (FEDORA-EPEL-2025-c9895b0a25)
An object-oriented API to access LDAP directory servers
--------------------------------------------------------------------------------
Update Information:
Update to 3.4.5
CVE-2025-61911 CVE-205-61912
--------------------------------------------------------------------------------
ChangeLog:
* Fri Dec 12 2025 Orion Poplawski <[email protected]> - 3.4.5-1
- Update to 3.4.5 (CVE-2025-61911 CVE-205-61912)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2406983 - CVE-2025-61911 python3.11-ldap-epel: sanitization bypass
in ldap.filter.escape_filter_chars [epel-8]
https://bugzilla.redhat.com/show_bug.cgi?id=2406983
[ 2 ] Bug #2406986 - CVE-2025-61911 python3.11-ldap-epel: sanitization bypass
in ldap.filter.escape_filter_chars [epel-9]
https://bugzilla.redhat.com/show_bug.cgi?id=2406986
[ 3 ] Bug #2406989 - CVE-2025-61912 python3.11-ldap-epel: python-ldap
Vulnerable to Improper Encoding or Escaping of Output and Improper Null
Termination [epel-8]
https://bugzilla.redhat.com/show_bug.cgi?id=2406989
[ 4 ] Bug #2406993 - CVE-2025-61912 python3.11-ldap-epel: python-ldap
Vulnerable to Improper Encoding or Escaping of Output and Improper Null
Termination [epel-9]
https://bugzilla.redhat.com/show_bug.cgi?id=2406993
--------------------------------------------------------------------------------
================================================================================
rust-rustls-pemfile-2.2.0-4.el9 (FEDORA-EPEL-2025-d2869e2020)
Basic .pem file parser for keys and certificates
--------------------------------------------------------------------------------
Update Information:
Skip one test that fails harmlessly with rustls-pki-types 1.13+. Fixes FTBFS
issues across all branches of Fedora and EPEL.
--------------------------------------------------------------------------------
ChangeLog:
* Sat Dec 13 2025 Fabio Valentini <[email protected]> - 2.2.0-4
- Skip one test that fails harmlessly with rustls-pki-types 1.13+
* Fri Jul 25 2025 Fedora Release Engineering <[email protected]> -
2.2.0-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
* Sun Jan 19 2025 Fedora Release Engineering <[email protected]> -
2.2.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild
--------------------------------------------------------------------------------
--
_______________________________________________
epel-devel mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/[email protected]
Do not reply to spam, report it:
https://pagure.io/fedora-infrastructure/new_issue
