[EPEL-devel] Fedora EPEL 8 updates-testing report

updates Sat, 13 Dec 2025 17:30:49 -0800

The following Fedora EPEL 8 Security updates need testing:
 Age  URL
  24  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2025-5b2095e2c2   
xpdf-4.06-1.el8
   1  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2025-2fb219025a   
checkpointctl-1.4.1-9.el8



The following builds have been pushed to Fedora EPEL 8 updates-testing

    python3.11-ldap-epel-3.4.5-1.el8
    python38-ldap-epel-3.4.3-2.el8
    python39-ldap-epel-3.4.3-2.el8

Details about builds:


================================================================================
 python3.11-ldap-epel-3.4.5-1.el8 (FEDORA-EPEL-2025-cb47cd63d1)
 An object-oriented API to access LDAP directory servers
--------------------------------------------------------------------------------
Update Information:

Update to 3.4.5
CVE-2025-61911 CVE-205-61912
--------------------------------------------------------------------------------
ChangeLog:

* Fri Dec 12 2025 Orion Poplawski <[email protected]> - 3.4.5-1
- Update to 3.4.5 (CVE-2025-61911 CVE-205-61912)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2406983 - CVE-2025-61911 python3.11-ldap-epel: sanitization bypass 
in ldap.filter.escape_filter_chars [epel-8]
        https://bugzilla.redhat.com/show_bug.cgi?id=2406983
  [ 2 ] Bug #2406986 - CVE-2025-61911 python3.11-ldap-epel: sanitization bypass 
in ldap.filter.escape_filter_chars [epel-9]
        https://bugzilla.redhat.com/show_bug.cgi?id=2406986
  [ 3 ] Bug #2406989 - CVE-2025-61912 python3.11-ldap-epel: python-ldap 
Vulnerable to Improper Encoding or Escaping of Output and Improper Null 
Termination [epel-8]
        https://bugzilla.redhat.com/show_bug.cgi?id=2406989
  [ 4 ] Bug #2406993 - CVE-2025-61912 python3.11-ldap-epel: python-ldap 
Vulnerable to Improper Encoding or Escaping of Output and Improper Null 
Termination [epel-9]
        https://bugzilla.redhat.com/show_bug.cgi?id=2406993
--------------------------------------------------------------------------------


================================================================================
 python38-ldap-epel-3.4.3-2.el8 (FEDORA-EPEL-2025-58be015476)
 An object-oriented API to access LDAP directory servers
--------------------------------------------------------------------------------
Update Information:

Apply upstream fix for CVE-2025-61911 CVE-205-61912'
--------------------------------------------------------------------------------
ChangeLog:

* Sat Dec 13 2025 Orion Poplawski <[email protected]> - 3.4.3-2
- Apply upstream fix for CVE-2025-61911 CVE-205-61912
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2406984 - CVE-2025-61911 python38-ldap-epel: sanitization bypass 
in ldap.filter.escape_filter_chars [epel-8]
        https://bugzilla.redhat.com/show_bug.cgi?id=2406984
  [ 2 ] Bug #2406991 - CVE-2025-61912 python38-ldap-epel: python-ldap 
Vulnerable to Improper Encoding or Escaping of Output and Improper Null 
Termination [epel-8]
        https://bugzilla.redhat.com/show_bug.cgi?id=2406991
--------------------------------------------------------------------------------


================================================================================
 python39-ldap-epel-3.4.3-2.el8 (FEDORA-EPEL-2025-b6fbc3fa28)
 An object-oriented API to access LDAP directory servers
--------------------------------------------------------------------------------
Update Information:

Apply upstream fix for CVE-2025-61911 CVE-205-61912'
--------------------------------------------------------------------------------
ChangeLog:

* Sat Dec 13 2025 Orion Poplawski <[email protected]> - 3.4.3-2
- Apply upstream fix for CVE-2025-61911 CVE-205-61912
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2406985 - CVE-2025-61911 python39-ldap-epel: sanitization bypass 
in ldap.filter.escape_filter_chars [epel-8]
        https://bugzilla.redhat.com/show_bug.cgi?id=2406985
  [ 2 ] Bug #2406992 - CVE-2025-61912 python39-ldap-epel: python-ldap 
Vulnerable to Improper Encoding or Escaping of Output and Improper Null 
Termination [epel-8]
        https://bugzilla.redhat.com/show_bug.cgi?id=2406992
--------------------------------------------------------------------------------


-- 
_______________________________________________
epel-devel mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/[email protected]
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

[EPEL-devel] Fedora EPEL 8 updates-testing report

Reply via email to